[Freeipa-devel] [PATCHES] 0197-0205 Installing without a CA, with custom SSL certs
Petr Viktorin
pviktori at redhat.com
Tue Mar 26 15:48:59 UTC 2013
On 03/22/2013 02:22 PM, Petr Viktorin wrote:
[...]
>
> Design is now at: http://freeipa.org/page/V3/CA-less_install
>
> Patch 199 deferred to https://fedorahosted.org/freeipa/ticket/3529
>
> Updated patches attached.
Orion Poplawski found a bug in the patches: the CA cert wasn't loaded
into the server NSS databases, making install fail with PKCS#12 files
that only contain the server cert. This additional patch fixes that.
Note that certs for any *intermediate* CAs must be in the PKCS#12 file;
only the root CA may be missing. So this is mainly for cases where the
server cert is signed directly by the root CA.
Thanks for testing!
--
Petr³
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pviktori-0205-Load-the-CA-cert-into-server-NSS-databases.patch
Type: text/x-patch
Size: 7524 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20130326/0667be7d/attachment.bin>
More information about the Freeipa-devel
mailing list