[Freeipa-users] --subject option for ipa-server-install
Stephen Ingram
sbingram at gmail.com
Tue Apr 10 13:27:45 UTC 2012
On Mon, Apr 9, 2012 at 12:00 PM, Stephen Ingram <sbingram at gmail.com> wrote:
> On Mon, Apr 9, 2012 at 11:35 AM, Dmitri Pal <dpal at redhat.com> wrote:
>> On 04/09/2012 02:25 PM, Stephen Ingram wrote:
>>> In an attempt to make the CA certificate from IPA a little more
>>> noticeable for the users in our realm I've successfully used the
>>> --subject option during the ipa-server-install process. It seems
>>> however, that you cannot change the CN from the default "Certificate
>>> Authority". I've added O=, OU= and C=, but as some certificate
>>> managers in browsers/os's (i.e. Mac OS X) organize certificates by CN
>>> name, it would be nice to point to something representing the company
>>> name instead of the generic Certificate Authority. It even seems that
>>> in the older 2.0 release candidates, they used the default "REALM
>>> Certificate Authority" for the CN instead of just Certificate
>>> Authority. Can this be easily changed so that at least the realm could
>>> be slipped in front of Certificate Authority or customize the CN
>>> altogether?
>>>
>>
>> Please open an RFE ticket.
>
> Done. Ticket 2614.
In the meantime, I've changed
/usr/lib/python2.x/site-packages/ipaserver/install/cainstance.py to
force a CN and obtained a successful install. After the install,
trying to create a cert failed so I also patched
/usr/lib/python2.x/site-packages/ipalib/x509.py to allow for the
different CN. Is there anywhere else I could get into trouble later on
that might also need to be changed?
Steve
More information about the Freeipa-users
mailing list