#3475 [RFE] Allow creating wildcard certificates
Closed: wontfix 6 years ago Opened 11 years ago by lschweiss.

Generate a CSR with *.mydomain.local and 'ipa cert-request star.mydomain.local.csr --principal=HTTP/*.mydomain.localr --add' fails with the error:

ipa: ERROR: The service principal for this request doesn't exist.

We should be able to create a wildcard certificate for the domain we are managing.

Update (2017-02-22): procedure on issuing wildcard certificate with FreeIPA: http://blog-ftweedal.rhcloud.com/2017/02/wildcard-certificates-in-freeipa/


What is the use case for wildcard certificates that can't be satisfied by server-specific certificates? Would you obtain a separate wildcard certificate for each server you installed it on or share one wildcard cert among many (this raises renewal issues)?

Replying to [comment:1 rcritten]:

What is the use case for wildcard certificates that can't be satisfied by server-specific certificates? Would you obtain a separate wildcard certificate for each server you installed it on or share one wildcard cert among many (this raises renewal issues)?

There are a couple of use cases, but the primary one would be for HTTP servers that host multiple vhosts on a single IP.
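The vhost use case raised above depends on which host names a single wildcard name actually covers. The following is an added example, not code from the ticket or from FreeIPA: it applies the strict wildcard matching rules most TLS clients use (RFC 6125 section 6.4.3 as commonly implemented) to a constructed list of vhost names, so an operator can see that `*.mydomain.local` covers one label only, not the bare domain and not deeper sub-labels. The vhost names and the function names are assumptions for the illustration.

```python
# Added example, not part of the FreeIPA ticket: RFC 6125-style wildcard
# matching, to show which vhost names one *.mydomain.local certificate covers.

# Constructed sample vhosts for the illustration (not from the ticket).
VHOSTS = [
    "www.mydomain.local",
    "MAIL.mydomain.local.",          # case and trailing dot must not matter
    "mydomain.local",                # bare domain: NOT covered by *.mydomain.local
    "a.b.mydomain.local",            # extra label: NOT covered
    "www.mydomain.local.example",    # different parent: NOT covered
]


def wildcard_matches(pattern: str, hostname: str) -> bool:
    """Return True if certificate DNS name `pattern` covers `hostname`.

    Rules applied (the strict interpretation used by most TLS clients):
      * comparison is case-insensitive and ignores a trailing dot
      * '*' is only accepted as the entire left-most label
      * the wildcard matches exactly one label, never zero or several
      * a wildcard directly under a top-level label (e.g. '*.local') is rejected;
        public-suffix lists are out of scope for this example
    """
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels = pattern.split(".")
    h_labels = hostname.split(".")
    # Only a whole '*' left-most label, no other wildcards, at least two fixed labels.
    if p_labels[0] != "*" or any("*" in lbl for lbl in p_labels[1:]) or len(p_labels) < 3:
        return False
    # Exactly one host label stands in for the '*', and it must not be empty.
    if len(h_labels) != len(p_labels) or not h_labels[0]:
        return False
    return h_labels[1:] == p_labels[1:]


def covered_vhosts(cert_name: str, vhosts: list[str]) -> list[str]:
    """Normalise the vhost names and return those the certificate name covers."""
    return [v.lower().rstrip(".") for v in vhosts if wildcard_matches(cert_name, v)]


if __name__ == "__main__":
    for name in VHOSTS:
        print(f"{name:32} covered={wildcard_matches('*.mydomain.local', name)}")
```

Running the block lists each constructed vhost with whether `*.mydomain.local` covers it; only `www.mydomain.local` and `mail.mydomain.local` do, which is why a wildcard issued for the IPA domain does not cover the domain apex or hosts nested a level deeper.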

This RFE has come up again due to OpenShift requirements; see
http://post-office.corp.redhat.com/archives/idm-tech/2015-December/msg00028.html

Let's re-triage it.

This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.

moving out tickets not implemented in 4.4.1

4.4.2 is a stabilization milestone. If this bug is an important stabilization bug then please put it to the NEEDS TRIAGE milestone for retriage.

Based on the discussion in comment:14, Fraser managed to find a procedure on how to issue a wildcard certificate with FreeIPA:

http://blog-ftweedal.rhcloud.com/2017/02/wildcard-certificates-in-freeipa/

Metadata Update from @lschweiss:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

I'm inclined to close this, and the associated BZ. Any objections?

Metadata Update from @ftweedal:
- Issue close_status updated to: None

6 years ago

No objections so far...

Closing, due to existence of known and proven methods for creating wildcard certs, and the fact that wildcard certs are deprecated.

Metadata Update from @ftweedal:
- Issue close_status updated to: wontfix

6 years ago
