Dogtag CA ACME server supports wildcard certificates via the mechanism defined in the standard ACME protocol (RFC 8555), even with wildcard certificates enabled by default on standalone Dogtag / RHCS deployment, this option is disabled by default on IPA context. The objective of this RFE is to be able to test it and extend the ipa-acme-manage CLI program to provide a way to control that settings. With an option to be able to enable this wildcard certificates it will suffice.

The are for example one option to be able to enable this like setting policy.wildcard=true in /etc/pki/pki-tomcat/acme/engine.conf  and use a regular acme client (e.g. certbot) to request a wildcard cert. But this is not optimal and not tested in our product and we need an easier and tested way to provide wildcard support to IPA. it's just about enable/disable this feature, is the feature available and enabled, or not.