FreeIPA use cases call for support for multiple security domains, e.g. for user client certificates, Puppet, etc.
Implement support for sub-CAs hosted within a single Dogtag instance. The initial requirement is for a single level of sub-CAs under the "primary" IPA CA (which may or may not be a root CA), with an aim to support the feature in FreeIPA 4.2.
Note that support for hosting unrelated CAs in a single Dogtag instance will likely be a desired feature later on, so changes should be done with this in mind.
Design proposal: http://pki.fedoraproject.org/wiki/Lightweight_sub-CAs
Fixed in 2a9f56d02b4a284cda6f8b61b250e1494f19a83e.
Other tickets have been filed for replication support and other enhancements.
Metadata Update from @ftweedal: - Issue assigned to ftweedal - Issue set to the milestone: UNTRIAGED
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1775
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.