[Freeipa-devel] [Testplan Review] Certs in ID overrides
Sumit Bose
sbose at redhat.com
Thu Jun 9 15:06:19 UTC 2016
On Thu, Jun 09, 2016 at 04:48:57PM +0200, Oleg Fayans wrote:
> Hi guys,
>
> Here is the first somewhat skeletal and pretty short version of the
> testplan. Could you please review it anyone?
>
> http://www.freeipa.org/page/V4/Certs_in_ID_overrides/Test_Plan
Hi Oleg,
'Make sure the id view is applied to ipa master host' the IPA
masters/servers will always and only have the 'Default Trust View'. But
it is ok to use the 'Default Trust View' for testing the certificates in
the ID override.
The 'openssl req ...' call will only generate a certificate request and
not the certificate itself. The request must still be signed by e.g. the
IPA CA. Please see the blog posts of Fraser
(https://blog-ftweedal.rhcloud.com/2015/08/user-certificates-and-custom-profiles-with-freeipa-4-2/)
and Nathan (https://blog-nkinder.rhcloud.com/?p=184) for details.
Since you want to test certificates in overrides you should use
idoverrideuser-add-cert and idoverrideuser-remove-cert instead of
user-add-cert and user-remove-cert.
bye,
Sumit
> --
> Oleg Fayans
> Quality Engineer
> FreeIPA team
> RedHat.
>
> --
> Manage your subscription for the Freeipa-devel mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-devel
> Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
More information about the Freeipa-devel
mailing list