This is a followup to some previous discussions. I have been lobbying to keep (and fix) the ability to install your own certificates when configuring IPA in order to make use of wildcard SSL certificates. But it seems this will not be the case. My last post on this went unanswered and I see tickets for the removal going forward.

As I understand it though, I'll still be able to generate a CSR for the server and get it signed by and external CA? If this is the case, I guess this extra expense of individual SSL certificates for the various IPA servers could be acceptable, although unfortunate as this is what we had hoped to avoid with the wildcard cert.

Finally, there was mention of the possibility of getting the IPA CA signed by an external authority. Just to let everyone know, this is a very expensive proposition. I was quoted a $22,500 start fee plus licensing costs. This is *way* out of our (and I suspect many other small businesses) price range.

Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane             
Boulder, CO 80301         

Freeipa-users mailing list

Reply via email to