URL: https://github.com/freeipa/freeipa/pull/526
Title: #526: server install: properly handle PKINIT-related options

abbra commented:
No, you are wrong. Certmonger has own local self-signed CA in all installs:

    # getcert list-cas
     CA 'local':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/local-submit

This is what can and should be used for self-signed case for PKINIT.

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to