We're finally implementing IPA in our company (migrating from Sun Identity Manager populated LDAP + manually maintained netgroups and sudoers also in LDAP). I think I understand how to migrate these parts to IPA, but the dogtag part is quite foreign currently..
We already has two private PKI infrastructures implemented. One for managing user certificates for about 250 openvpn users, and another for managing certificates for a few internal web services. Should we look into re-using one of these CA's in IPA? I think it would be marvelous if IPA/dogtag could create certs/keys for the users, and keep a copy of the users csr's so that it could automatically send the user an updated certificate with an expiry matching the password lifetime. Is this something that's possible currently, or on the roadmap maybe? -jf _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
