URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options

abbra commented:
"""
No, you are wrong. Certmonger has own local self-signed CA in all installs:

    # getcert list-cas
      ....
     CA 'local':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/local-submit

This is what can and should be used for self-signed case for PKINIT.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/526#issuecomment-283327044
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to