On Tue, Feb 19, 2013 at 3:19 PM, Nico Kadel-Garcia <[email protected]> wrote:
> SSL certicificates are associated with specific applications, so > there's no surprise here. Also,some of the contents in /etc/pki are > for GPG keys, not SSL certificates (such as /etc/pki/rpm-gpg). And > others are for applications that probably don't need this unless > you're going to a lot of work, such as "/etc/pki/dovecot". And some > are the root certificates for Mozilla designated upstream signature > authorities, such as /etc/pki/java/cacerts and /etc/pki/tls/cacerts/* > > Unfortunately, each application handles the certificicates > individually, so you really have to deal on an application by > application basis with these. > > Which *application* are you using IPA for ? Just Kerberos > authentication, or full account management, or what? the total package, including soon a cross realm trust with an AD infrastructure. I am starting to think that maybe a wildcard certificate might just be easier and cheaper ... -- natxo
