On 02/19/2013 03:10 PM, Simo Sorce wrote:
On Tue, 2013-02-19 at 14:38 -0700, Orion Poplawski wrote:
This is a followup to some previous discussions.  I have been lobbying to keep
(and fix) the ability to install your own certificates when configuring IPA in
order to make use of wildcard SSL certificates.  But it seems this will not be
the case.  My last post on this went unanswered and I see tickets for the
removal going forward.

As I understand it though, I'll still be able to generate a CSR for the server
and get it signed by and external CA?  If this is the case, I guess this extra
expense of individual SSL certificates for the various IPA servers could be
acceptable, although unfortunate as this is what we had hoped to avoid with
the wildcard cert.

Finally, there was mention of the possibility of getting the IPA CA signed by
an external authority.  Just to let everyone know, this is a very expensive
proposition.  I was quoted a $22,500 start fee plus licensing costs.  This is
*way* out of our (and I suspect many other small businesses) price range.

Why would you need to get your CA signed by a public authority ?

When we say external we generally think of another "Internal CA" that
you already use for your own services.



Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder Office                  FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

Freeipa-users mailing list

Reply via email to