Title: #337: Client-side CSR autogeneration (take 2)
@LiptonB, I think certificate profiles and CSR generation profiles / templates
*should* be associated, but not by sharing the same logical `certprofile`
object, as it creates an unwarranted dependency on Dogtag. Instead CSR
templates should be represented by their own dedicated objects separate from
`certprofile` objects, which can contain a reference to the default CSR
template object. This way it will be possible to extend `cert-request` as you
described, but it will also be possible to generate a CSR and submit it to an
external CA, even in a CA-less IPA deployment.

As for `userCert`, removing just the Dogtag profile but keeping the CSR
template is exactly what I meant.