[Freeipa-devel] [PATCH] First pass at CA installer
Rob Crittenden
rcritten at redhat.com
Thu Apr 2 03:22:43 UTC 2009
Implement an installer for the Dogtag certificate system.
The CA is currently not automatically installed. You have to pass in the
--ca flag to install it.
What works:
- installation
- uninstallation
- cert/ra plugins can issue and retrieve server certs
What doesn't work:
- self-signed CA is still created and issues Apache and DS certs
- dogtag and python-nss not in rpm requires
- requires that CS be in the "pre" install state from pkicreate
So basically after doing this you have 2 CAs. The old self-signed CA
from IPA v1 and a new dogtag-based CA. This new CA is used by the
cert/ra plugins. My next step is to replace the self-signed CA.
I'm also doing all my testing of dogtag using the SVN tip. A number of
important bug fixes are there.
This also adds a python-nss based httplib library. Also on my list of
things to do is to drop the fork calls to sslget. They aren't very
efficient and they make SELinux cry.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-170-ca.patch
Type: application/mbox
Size: 43211 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20090401/2b2ba961/attachment.mbox>