[Pki-devel] [PATCH] 236 - fix installation of subca with own security domain
Ade Lee
alee at redhat.com
Mon Sep 29 17:20:11 UTC 2014
This fixes issue 1132 and allows pkispawn to successfully install a
subCA that hosts its own security domain.
This was, in retrospect, a lot harder than I thought it was going to be.
Prior to this patch, we simply did not support this configuration with
pkispawn.
Two new parameters are introduced:
pki_subordinate_create_new_security_domain=False
pki_subordinate_security_domain_name=%(pki_dns_domainname)s Subordinate Security Domain
See man pages for correct usage.
There is only one issue left. When removing the subca using pkidestroy,
removing the entry from the master security domain currently fails due
to authentication. I'll fix that in the next patch.
This is tricky stuff so please review carefully.
Thanks.
Ade
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0236-Fix-sub-CA-installation-with-own-security-domain.patch
Type: text/x-patch
Size: 26138 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140929/ce5b0c90/attachment.bin>
More information about the Pki-devel
mailing list