On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote: > This is a followup to some previous discussions. I have been lobbying to > keep > (and fix) the ability to install your own certificates when configuring IPA > in > order to make use of wildcard SSL certificates. But it seems this will not > be > the case. My last post on this went unanswered and I see tickets for the > removal going forward. > > As I understand it though, I'll still be able to generate a CSR for the > server > and get it signed by and external CA? If this is the case, I guess this > extra > expense of individual SSL certificates for the various IPA servers could be > acceptable, although unfortunate as this is what we had hoped to avoid with > the wildcard cert. > > Finally, there was mention of the possibility of getting the IPA CA signed by > an external authority. Just to let everyone know, this is a very expensive > proposition. I was quoted a $22,500 start fee plus licensing costs. This is > *way* out of our (and I suspect many other small businesses) price range.
Why would you need to get your CA signed by a public authority ? When we say external we generally think of another "Internal CA" that you already use for your own services. Simo. -- Simo Sorce * Red Hat, Inc * New York _______________________________________________ Freeipa-users mailing list Freeipa-users@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-users