[Freeipa-devel] [PATCH] 420 use proper subject when requesting certs using certmonger
Rob Crittenden
rcritten at redhat.com
Mon Apr 5 20:51:45 UTC 2010
When using the dogtag CA we can control what the subject of an issued
certificate is regardless of what is in the CSR, we just use the CN
value. The selfsign CA does not have this capability. The subject format
must match the configured format or certificate requests are rejected.
The default format is CN=%s,O=IPA. certmonger by default issues requests
with just CN so all requests would fail if using the selfsign CA.
This subject base is stored in cn=ipaconfig so we can just fetch that
value in the enrollment process and pass it to certmonger to request the
right thing.
Note that this also fixes ipa-join to work with the new argument passing
mechanism.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-420-certmonger.patch
Type: application/mbox
Size: 11016 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20100405/f97bfab2/attachment.mbox>
More information about the Freeipa-devel
mailing list