[Freeipa-devel] [PATCH 0013-0015] Automatic CSR generation - usability improvements
Ben Lipton
blipton at redhat.com
Tue Aug 9 18:22:00 UTC 2016
Hello,
The attached patches improve upon my last patchset to:
0013: Add support for generating a full script that makes a CSR, rather
than just a config, and use that support to automate the full flow from
script generation through cert issuance
Usage note: the UI for this could probably use work. I currently have
the --helper-args param that allows additional data to be passed to the
helper. Commonly this would be something like:
Certutil: --helper-args '-d /path/to/nss/db' (precreated with certutil
-N -d /path/to/nss/db)
Openssl: --helper-args 'd /path/to/keyfile' (precreated with openssl
genrsa -out /path/to/keyfile)
See the commit message for a full command line.
0014: Allow the feature to be used by non-admin users
0015: Improve error handling by reporting a nice message if the mapping
rules are broken, or if the data required to generate the subject DN is
missing
These improvements may make it easier to test the other patches.
Thanks,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0013-Automate-full-cert-request-flow.patch
Type: text/x-patch
Size: 12093 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160809/5da90247/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0014-Add-ACIs-for-mapping-rules.patch
Type: text/x-patch
Size: 10693 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160809/5da90247/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-blipton-0015-Improve-error-handling-for-certificate-mapping.patch
Type: text/x-patch
Size: 5505 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20160809/5da90247/attachment-0002.bin>
More information about the Freeipa-devel
mailing list