Title: #5170: Centralize enable/disable of the ACME service
Centralize enable/disable of the ACME service
The initial implementation of ACME in dogtag and IPA required
that ACME be manually enabled on each CA.
dogtag added a REST API that can be accessed directly or through
the `pki acme` CLI tool to enable or disable the service.
It also abstracted the database connection and introduced the
concept of a realm which defines the DIT for ACME users and
groups, the URL and the identity. This is configured in realm.conf.
A new group was created, Enterprise ACME Administrators, that
controls the users allowed to modify ACME configuration.
The IPA RA is added to this group for the ipa-acme-manage tool
to authenticate to the API to enable/disable ACME.
Two ACME configuration templates were removed so that the dogtag
defaults would be used, configsources.conf and engine.conf.
Related dogtag installation documentation:
ACME REST API:
To pull the PR as a Git branch:

```
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5170/head:pr5170
git checkout pr5170
```