Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1263789
Description of problem:

When generating Host Certificates it should be possible to specify that TLSA DNS records be generated. Additionally/Alternatively the "Show Certificate" option should list the various likely options for TLSA records. Most pertinently it should give the SHA256 for the full cert and for the subject rather than forcing the user to locate the cert and perform some manual work to determine the values.

The defaults should be:

Certificate Usage - 3
Selector - 0
Matching Type - 1

The sort order should be improved in the GUI to ensure that service selector components like TLSA records are located under the host record.

Possibly consider putting TLSA records in as _cert.host TLSA a b c nnnnnnnnnn and providing simpler mech to create _port._(tcp|udp).host CNAME _cert.host records.
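The manual work the description refers to, as an added example that is not part of the original ticket and is not FreeIPA code: standard-library Python that derives TLSA RDATA from a certificate for selector 0 (full certificate) and selector 1 (SubjectPublicKeyInfo, per RFC 6698), with the proposed 3 0 1 defaults, and renders the `_cert.host` plus CNAME layout. All function names, the host name and the sample certificate skeleton are assumptions constructed for illustration.

```python
import hashlib
import ssl

def tlv(buf, pos):
    """Read one DER TLV header at pos; return (tag, value_start, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, start = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf) or buf[pos + 1] == 0x80:
        raise ValueError("truncated or non-DER length")
    return tag, start, start + length

def spki_der(cert_der):
    """Return the DER SubjectPublicKeyInfo of a DER X.509 certificate."""
    tag, pos, _ = tlv(cert_der, 0)              # Certificate SEQUENCE
    tbs_tag, pos, tbs_end = tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    first_tag, _, first_end = tlv(cert_der, pos)
    pos = first_end if first_tag == 0xA0 else pos  # skip optional [0] version
    for _ in range(5):  # serialNumber, signature, issuer, validity, subject
        _, _, pos = tlv(cert_der, pos)
    _, _, end = tlv(cert_der, pos)
    if tag != 0x30 or tbs_tag != 0x30 or end > tbs_end:
        raise ValueError("not a well-formed X.509 certificate")
    return cert_der[pos:end]

def tlsa_rdata(cert_der, usage=3, selector=0, mtype=1):
    """Build TLSA RDATA; the defaults are the ticket's proposed 3 0 1."""
    if selector not in (0, 1) or mtype not in (0, 1, 2):
        raise ValueError("unsupported selector or matching type")
    data = cert_der if selector == 0 else spki_der(cert_der)
    assoc = (data, hashlib.sha256(data).digest(), hashlib.sha512(data).digest())[mtype]
    return f"{usage} {selector} {mtype} {assoc.hex()}"

def zone_lines(pem, host, port=443, proto="tcp"):
    """Ticket's layout: one TLSA at _cert.<host>, a CNAME per service."""
    rdata = tlsa_rdata(ssl.PEM_cert_to_DER_cert(pem))
    return [f"_cert.{host}. IN TLSA {rdata}", f"_{port}._{proto}.{host}. IN CNAME _cert.{host}."]

def enc(tag, body=b""):  # short-form DER encoder for the constructed sample
    return bytes([tag, len(body)]) + body

# Constructed, unsigned skeleton (not a real certificate): enough ASN.1 to run.
SAMPLE_SPKI = enc(0x30, enc(0x30, enc(0x06, b"\x2a\x03")) + enc(0x03, b"\x00\x01\x02\x03"))
SAMPLE_TBS = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + enc(0x30) * 4 + SAMPLE_SPKI)
SAMPLE_CERT = enc(0x30, SAMPLE_TBS + enc(0x30) + enc(0x03, b"\x00"))
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_CERT)
```

Calling `zone_lines(SAMPLE_PEM, "host.example.test")` returns the TLSA line and the `_443._tcp` CNAME that points at it.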
I'd like to own this ticket - a good reason to become more familiar with our DNS capabilities.
Metadata Update from @pvoborni: - Issue assigned to ftweedal - Issue set to the milestone: FreeIPA 4.5 backlog
Metadata Update from @ftweedal: - Assignee reset