Title: #694: RFC: implement local PKINIT deployment in server/replica install
@MartinBasti I haven't thought about CA-less -> CA-full but in this case you
would have local PKINIT and should configure full PKINIT manually
All the other scenarios should be covered by the incoming code.
Regarding your comment on the certmonger helper/special CA, we (me and
@HonzaCholasta ) decided to remove it and use a self-sign CA instead.
See the full comment at
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code