[Freeipa-devel] [PATCH] 314 Allow specifying key algorithm of the IPA CA cert in ipa-server-install
Rob Crittenden
rcritten at redhat.com
Wed Aug 6 12:43:57 UTC 2014
Jan Cholasta wrote:
> Hi,
>
> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4447>.
>
+ cert_group.add_option("--ca-key-algorithm", dest="ca_key_algorithm",
+ help="Key algorithm of the IPA CA certificate
(default SHA256withRSA)")
Why not set the default here rather than later?
Should the list of options be added to the man page as well?
Do we want to support the MD*-based signing algorithms? I'd think not.
Seeing the context makes me wonder if we should eventually add options
for CA key size and signing alg as well.
rob
More information about the Freeipa-devel
mailing list