<html>
  <head>
    <meta content="text/html; charset=windows-1252"
      http-equiv="Content-Type">
  </head>
  <body bgcolor="#FFFFFF" text="#000000">
    I have added a few new features to the code, including:<br>
    - A new certificate profile for user certs<br>
    - Import and export of included mapping rules when certificate
    profiles are imported/exported<br>
    The updated patches are at
    <a class="moz-txt-link-freetext" href="https://github.com/LiptonB/freeipa/pull/2/commits">https://github.com/LiptonB/freeipa/pull/2/commits</a>.<br>
    <br>
    I look forward to hearing your thoughts, either in the pull request
    or here on the mailing list.<br>
    <br>
    Thanks,<br>
    Ben<br>
    <br>
    <div class="moz-cite-prefix">On 06/27/2016 01:44 PM, Ben Lipton
      wrote:<br>
    </div>
    <blockquote
      cite="mid:7b971146-6d1b-5a4e-c230-97de8e962842@redhat.com"
      type="cite">
      <p>My email client is playing tricks on me - <a
          moz-do-not-send="true" class="moz-txt-link-freetext"
          href="https://github.com/LiptonB/freeipa/pull/2">https://github.com/LiptonB/freeipa/pull/2</a>
        is the correct link.<br>
      </p>
      <br>
      <div class="moz-cite-prefix">On 06/27/2016 01:14 PM, Ben Lipton
        wrote:<br>
      </div>
      <blockquote
        cite="mid:0f176317-3fd1-f0c8-88a7-a593be092e19@redhat.com"
        type="cite">
        Hi,<br>
        <br>
        I have implemented the core functionality of the automatic CSR
        generation design (<a moz-do-not-send="true"
          class="moz-txt-link-freetext"
href="http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation">http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation</a>).
        The code (which should be considered a work in progress) is
        available at <a moz-do-not-send="true"
          class="moz-txt-link-freetext"
          href="https://github.com/LiptonB/freeipa/pull/1">https://github.com/LiptonB/freeipa/pull/2</a>,
        please take a look and let me know what you think!<br>
        <br>
        First, a demo, then some notes:<br>
        <br>
        <pre>[root@ipavm ~]# ipa cert-get-requestdata --principal host/hostname.ipadom.example.com --format openssl
    Debug output: [req]
prompt = no
distinguished_name = sec0
req_extensions = exts

[sec0]
CN=hostname.ipadom.example.com
O=IPADOM.EXAMPLE.COM

[sec1]
DNS=hostname.ipadom.example.com

[exts]
subjectAltName=@sec1</pre>
        <pre>[root@ipavm ~]# ipa cert-get-requestdata --principal host/hostname.ipadom.example.com --format certutil
    Debug output: certutil -R -s CN=hostname.ipadom.example.com,O=IPADOM.EXAMPLE.COM --extSAN dns:hostname.ipadom.example.com</pre>
        <br>
        <br>
        Notes:<br>
        - This is implemented using the four-level schema (<a
          moz-do-not-send="true" class="moz-txt-link-freetext"
href="http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation/Schema#Option_A">http://www.freeipa.org/page/V4/Automatic_Certificate_Request_Generation/Schema#Option_A</a>).
        I'm very interested in comments on improving the schema or the
        way I interact with it in the code.<br>
        - Only includes rules for one profile at the moment, and it's
        probably not one you'd use (it weirdly puts the FQDN in both
        Subject and SubjectAltName). Think of it as an example to show
        that extensions are supported.<br>
        - Right now, transformation rules are implemented in Python.
        Migrating them to a scheme where rules are text-based and can be
        added at runtime is a future goal.<br>
      </blockquote>
      <br>
      <br>
    </blockquote>
    <br>
  </body>
</html>