[Freeipa-devel] [PATCH] 420 use proper subject when requesting certs using certmonger
Jason Gerard DeRose
jderose at redhat.com
Fri Apr 23 11:17:26 UTC 2010
On Mon, 2010-04-05 at 16:51 -0400, Rob Crittenden wrote:
> When using the dogtag CA we can control what the subject of an issued
> certificate is regardless of what is in the CSR, we just use the CN
> value. The selfsign CA does not have this capability. The subject format
> must match the configured format or certificate requests are rejected.
>
> The default format is CN=%s,O=IPA. certmonger by default issues requests
> with just CN so all requests would fail if using the selfsign CA.
>
> This subject base is stored in cn=ipaconfig so we can just fetch that
> value in the enrollment process and pass it to certmonger to request the
> right thing.
>
> Note that this also fixes ipa-join to work with the new argument passing
> mechanism.
>
> rob
ack. pushed to master.
More information about the Freeipa-devel
mailing list