<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 27/05/15 15:53, Fraser Tweedale
wrote:<br>
</div>
<blockquote
cite="mid:20150527135315.GC24915@dhcp-40-8.bne.redhat.com"
type="cite">
<pre wrap="">This patch adds support for multiple user / host certificates. No
schema change is needed ('usercertificate' attribute is already
multi-value). The revoke-previous-cert behaviour of host-mod and
user-mod has been removed but revocation behaviour of -del and
-disable is preserved.
The latest profiles/caacl patchset (0001..0013 v5) depends on this
patch for correct cert-request behaviour.
There is one design question (or maybe more, let me know): the
`--out=FILENAME' option to {host,service} show saves ONE certificate
to the named file. I propose to either:
a) write all certs, suffixing suggested filename with either a
sequential numerical index, e.g. "cert.pem" becomes
"cert.pem.1", "cert.pem.2", and so on; or
b) as above, but suffix with serial number and, if there are
different issuers, some issuer-identifying information.
Let me know your thoughts.
Thanks,
Fraser
</pre>
</blockquote>
Is there a possible way to store certificates in one file?<br>
I read about possibilities to have multiple certs in one .pem file,
but I'm not a cert guru :)<br>
<br>
I personally vote for the serial number in case there are multiple
certificates, if ^ is not possible.<br>
<br>
<br>
1)<br>
+ if len(certs) > 0:<br>
<br>
please use only, <br>
if certs:<br>
<br>
2)<br>
You need to re-generate API/ACI.txt in this patch<br>
<br>
3)<br>
syntax error:<br>
+ for dercert in certs_der<br>
<br>
<br>
4)<br>
command <br>
ipa user-mod ca_user --certificate=&lt;certificate&gt;<br>
<br>
removes the current certificate from LDAP, by design.<br>
Should the old certificate(s) be revoked? You removed that part in
the code.<br>
<br>
only the --addattr='usercertificate=&lt;cert&gt;' appends a new value
there<br>
<br>
<pre class="moz-signature" cols="72">--
Martin Basti</pre>
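<p>On the single-file question raised in this thread: a PEM file may hold several CERTIFICATE blocks back to back, and readers take them in file order. The sketch below is an added example, not part of the original messages or of the FreeIPA code; the function names are hypothetical and the sample blobs are constructed placeholders, not real certificates.</p>

```python
import base64
import re

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"
PEM_END = "-----END CERTIFICATE-----"
_PEM_BLOCK = re.compile(
    re.escape(PEM_BEGIN) + r"\s*(.*?)\s*" + re.escape(PEM_END), re.DOTALL)


def der_to_pem(der):
    """Wrap one DER blob in PEM armor with 64-column base64 lines."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([PEM_BEGIN] + lines + [PEM_END]) + "\n"


def write_bundle(certs_der):
    """Concatenate every certificate into one PEM bundle string."""
    return "".join(der_to_pem(der) for der in certs_der)


def read_bundle(text):
    """Return the DER blobs of all CERTIFICATE blocks, in file order.

    Text outside the armor (for example subject= lines that some tools
    print between blocks) is ignored.
    """
    ders = []
    for match in _PEM_BLOCK.finditer(text):
        body = "".join(match.group(1).split())  # drop line breaks
        ders.append(base64.b64decode(body, validate=True))
    return ders


# Constructed stand-ins for the DER values of a multi-valued
# 'usercertificate' attribute (not real certificates).
SAMPLE_CERTS_DER = [bytes(range(200)), b"\x30\x82" + bytes(100)]

if __name__ == "__main__":
    bundle = write_bundle(SAMPLE_CERTS_DER)
    print(bundle)
    print(len(read_bundle(bundle)), "certificates read back")
```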
</body>
</html>