[Freeipa-devel] [PATCH] 351 Support MS CA as the external CA in ipa-server-install and ipa-ca-install
Jan Cholasta
jcholast at redhat.com
Wed Oct 8 11:46:24 UTC 2014
Dne 8.10.2014 v 12:49 Martin Kosek napsal(a):
> On 10/08/2014 11:53 AM, Jan Cholasta wrote:
>> Hi,
>>
>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4496>.
>>
>> Note that this requires pki-core 10.2.0-3.
>>
>> Honza
>
> The approach looks OK, but I would like to be better in naming documentation:
>
> + cert_group.add_option("--external-ca-type", dest="external_ca_type",
> + type="choice", choices=("generic", "ms"),
> + help="Type of the external CA")
>
> I would name the option either "ad-cs" or "windows-server-ca", i.e. "Active
> Directory Certificate Services" or "Windows Server CA". "ms" sounds too generic
> to me in this context. When using trademarks we should be specific about what
> do we mean.
Microsoft docs refer to it as "Microsoft Certificate Services" or simply
"Certificate Services", so I went with "ms-cs".
>
> Same for man:
>
> +\fB\-\-external\-ca\-type\fR=\fITYPE\fR
> +Type of the external CA. Possible values are generic, ms. Default value is
> generic. Use ms to include MS template name extension in the CSR.
> +.TP
>
> I would be more verbose and write
>
> ... Use "windows-server-ca" to include Windows Server CA specific template name
> extension (1.3.6.1.4.1.311.20.2) set in the CSR.
I have reworded the description in man and the commit message a bit.
Updated patch attached.
--
Jan Cholasta
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-jcholast-351.1-Support-MS-CS-as-the-external-CA-in-ipa-server-insta.patch
Type: text/x-patch
Size: 9079 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20141008/4207f500/attachment.bin>
More information about the Freeipa-devel
mailing list