[Freeipa-devel] [Testplan review] Sub CAs

[Milan Kubík]

Hi Fraser and list,

I've wrote a (minimal) draft [1] of the test plan for the Sub CAs feature
and I also have several questions.

Could you please take a look at it?

Questions:

As described in the last (currently) test case, should it be possible to 
specify
both the CA and certificate profile in cert-request call?
This way one could use (at least) two ACLs (one affiliated with CA, one 
with a profile).
Are there such use cases?

Related to this, what happens when CA ACL has specific CA and profile 
category (all)?
Applicable to other combinations as well. The ACL category semantics is
a bit unclear for me here.

Is there any validation of the CA's DN (syntax)?

How would you approach testing of the Sub CA certificate renewal and key 
replication
(I do not know if this is covered at the respective component's level or 
not)?


[1]: http://www.freeipa.org/page/V4/Sub-CAs/Test_Plan

Thanks

-- 
Milan Kubik