We're finally implementing IPA in our company (migrating from Sun
Identity Manager populated LDAP + manually maintained netgroups and
sudoers also in LDAP). I think I understand how to migrate these parts
to IPA, but the dogtag part is quite foreign currently..

We already has two private PKI infrastructures implemented. One for
managing user certificates for about 250 openvpn users, and another for
managing certificates for a few internal web services. Should we look
into re-using one of these CA's in IPA?

I think it would be marvelous if IPA/dogtag could create certs/keys for
the users, and keep a copy of the users csr's so that it could automatically
send the user an updated certificate with an expiry matching the password
lifetime. Is this something that's possible currently, or on the roadmap maybe?


Freeipa-users mailing list

Reply via email to