URL: https://github.com/freeipa/freeipa/pull/337 Title: #337: Client-side CSR autogeneration (take 2)
HonzaCholasta commented: """ @LiptonB, I think certificate profiles and CSR generation profiles / templates *should* be associated, but not by sharing the same logical `certprofile` object, as it creates an unwarranted dependency on Dogtag. Instead CSR templates should be represented by their own dedicated objects separate from `certprofile` objects, which can contain a reference to the default CSR template object. This way it will be possible to extend `cert-request` as you described, but it will also be possible to generate a CSR and submit it to an external CA, even in CA-less IPA deployment. As for `userCert`, removing just the dogtag profile but keeping the CSR template is exactly what I meant. """ See the full comment at https://github.com/freeipa/freeipa/pull/337#issuecomment-274740750
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code