[Freeipa-devel] [PATCH] fix PKCS#12 file import
Rob Crittenden
rcritten at redhat.com
Mon Jul 14 13:39:11 UTC 2008
Simo Sorce wrote:
> On Fri, 2008-07-11 at 11:51 -0400, Rob Crittenden wrote:
>>
>> Fairly major changes to the way PKCS#12 files are handled.
>>
>> One can now pass in PKCS#12 files to be installed during initial
>> installation and when a replica is prepared.
>>
>> ipa-server-certinstall should finally work as one would expect. This
>> can
>> be used to install from a PKCS#12 file post-installation.
>>
>> A few gotchas:
>>
>> - If you use your own certs you'll need to also get an object signing
>> cert to sign the jar file we use for Firefox auto-config. See the
>> docs
>> here
>> http://freeipa.org/page/AdministratorsGuide#Using_Your_Own_Certificate_with_Firefox
>> - A PIN is required for all PKCS#12 files
>> - When using ipa-server-certinstall services are not automatically
>> restarted after installing a new cert.
>
> Wow, quite a patch :-)
>
> At a first read it seem all ok, so I'd ack.
>
> Simo.
>
Pushed to master.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20080714/67f2d716/attachment.bin>
More information about the Freeipa-devel
mailing list