[Freeipa-devel] [PATCH] 315 Convert external CA chain to PKCS#7 before passing it to pkispawn
Martin Kosek
mkosek at redhat.com
Fri Aug 8 09:20:17 UTC 2014
On 08/08/2014 10:55 AM, Jan Cholasta wrote:
> Hi,
>
> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4397>.
>
> Honza
Thanks! I did not test, just have couple questions/suggestions:
1) Are we testing that the certificate is in proper format, e.g. is not PKCS7
already? We need to error out properly then
2) Are ipa-server-install --help options as informative as possible?
--external-ca installation is tricky, we need to make sure that is no doubt
about what the input is.
3) We may want to add instructions how to convert PKCS#7 -> PEM to "man
ipa-server-install" too.
Martin
More information about the Freeipa-devel
mailing list