[Freeipa-devel] [PATCH 0014] Support multiple user and host certificates

Petr Vobornik pvoborni at redhat.com
Tue Jun 2 14:56:03 UTC 2015


On 05/27/2015 03:53 PM, Fraser Tweedale wrote:
> This patch adds support for multiple user / host certificates.  No
> schema change is needed ('usercertificate' attribute is already
> multi-value).  The revoke-previous-cert behaviour of host-mod and
> user-mod has been removed but revocation behaviour of -del and
> -disable is preserved.
>
> The latest profiles/caacl patchset (0001..0013 v5) depends on this
> patch for correct cert-request behaviour.
>
> There is one design question (or maybe more, let me know): the
> `--out=FILENAME' option to {host,service} show saves ONE certificate
> to the named file.  I propose to either:
>
> a) write all certs, suffixing suggested filename with either a
>     sequential numerical index, e.g. "cert.pem" becomes
>     "cert.pem.1", "cert.pem.2", and so on; or
>
> b) as above, but suffix with serial number and, if there are
>     different issuers, some issuer-identifying information.
>
> Let me know your thoughts.
>
> Thanks,
> Fraser
>

Has anybody tried it with Web UI?

Currently Web UI is designed only for one cert. I wonder if it still 
works even with just one.

We should probably file a ticket.
-- 
Petr Vobornik



