[Freeipa-devel] [PATCH] 351 Support MS CA as the external CA in ipa-server-install and ipa-ca-install
Martin Kosek
mkosek at redhat.com
Thu Oct 9 06:44:25 UTC 2014
On 10/08/2014 01:46 PM, Jan Cholasta wrote:
> Dne 8.10.2014 v 12:49 Martin Kosek napsal(a):
>> On 10/08/2014 11:53 AM, Jan Cholasta wrote:
>>> Hi,
>>>
>>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4496>.
>>>
>>> Note that this requires pki-core 10.2.0-3.
>>>
>>> Honza
>>
>> The approach looks OK, but I would like to be better in naming documentation:
>>
>> + cert_group.add_option("--external-ca-type", dest="external_ca_type",
>> + type="choice", choices=("generic", "ms"),
>> + help="Type of the external CA")
>>
>> I would name the option either "ad-cs" or "windows-server-ca", i.e. "Active
>> Directory Certificate Services" or "Windows Server CA". "ms" sounds too generic
>> to me in this context. When using trademarks we should be specific about what
>> do we mean.
>
> Microsoft docs refer to it as "Microsoft Certificate Services" or simply
> "Certificate Services", so I went with "ms-cs".
Works for me. Just please update the man and refer to this type as "Microsoft
Certificate Services (MS CS)" just in case MS CS alone does not ring a bell of
a user.
But that's just a minor issue, what is more concerning is that IPA installation
crashed with the signed CA certificate (this part worked smoothly btw):
...
[17/27]: setting audit signing renewal to 2 years
[18/27]: configuring certificate server to start on boot
[19/27]: restarting certificate server
[20/27]: requesting RA certificate from CA
[error] IndexError: list index out of range
Unexpected error - see /var/log/ipaserver-install.log for details:
IndexError: list index out of range
See
https://mkosek.fedorapeople.org/ticket-4496.tgz
for related logs.
Martin
More information about the Freeipa-devel
mailing list