mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-26 17:01:14 -06:00
c0d55ce6de
The initial implementation of ACME in dogtag and IPA required that ACME be manually enabled on each CA.

dogtag added a REST API that can be accessed directly or through the `pki acme` CLI tool to enable or disable the service.

It also abstracted the database connection and introduced the concept of a realm which defines the DIT for ACME users and groups, the URL and the identity. This is configured in realm.conf.

A new group was created, Enterprise ACME Administrators, that controls the users allowed to modify ACME configuration.

The IPA RA is added to this group for the ipa-acme-manage tool to authenticate to the API to enable/disable ACME.

Related dogtag installation documentation:
https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Configuring_ACME_Database.md
https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Configuring_ACME_Realm.md
https://github.com/dogtagpki/pki/blob/master/docs/installation/acme/Installing_PKI_ACME_Responder.md

ACME REST API:
https://github.com/dogtagpki/pki/wiki/PKI-ACME-Enable-REST-API

https://pagure.io/freeipa/issue/8524

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
Reviewed-By: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Mohammad Rizwan <myusuf@redhat.com>
16 lines
255 B
Makefile
NULL =

appdir = $(IPA_DATA_DIR)/profiles
app_DATA = \
	README \
	caIPAserviceCert.cfg \
	caIPAserviceCert.UPGRADE.cfg \
	IECUserRoles.cfg \
	KDCs_PKINIT_Certs.cfg \
	acmeIPAServerCert.cfg \
	$(NULL)

EXTRA_DIST = \
	$(app_DATA) \
	$(NULL)