On Tue, Feb 19, 2013 at 3:19 PM, Nico Kadel-Garcia <[log in to unmask]> wrote:

> SSL certicificates are associated with specific applications, so
> there's no surprise here. Also,some of the contents in /etc/pki are
> for GPG keys, not SSL certificates (such as /etc/pki/rpm-gpg). And
> others are for applications that probably don't need this unless
> you're going to a lot of work, such as "/etc/pki/dovecot". And some
> are the root certificates for  Mozilla designated upstream signature
> authorities, such as /etc/pki/java/cacerts and /etc/pki/tls/cacerts/*
>
> Unfortunately, each application handles the certificicates
> individually, so you really have to deal on an application by
> application basis with these.
>
> Which *application* are you using IPA for ? Just Kerberos
> authentication, or full account management, or what?

the total package, including soon a cross realm trust with an AD infrastructure.

I am starting to think that maybe a wildcard certificate might just be
easier and cheaper ...

-- 
natxo