[Pki-devel] [PATCH] 297, 298 add validity check for external CA
Ade Lee
alee at redhat.com
Fri Apr 22 19:37:44 UTC 2016
commit 0fe7bf5ff989bbc24875dce30cec8f32e89c0a8f
Author: Ade Lee <alee at redhat.com>
Date: Fri Apr 22 15:31:43 2016 -0400
Add validity check for the signing certificate in pkispawn
When either an existing CA or external CA installation is
performed, use the pki-server cert validation tool to check
the signing certiticate and chain.
Ticket #2043
commit 9104fdda145c4f2bbbedec7256c73922e8bffcef
Author: Ade Lee <alee at redhat.com>
Date: Wed Apr 20 17:26:23 2016 -0400
Add CLI to check system certificate status
We add two different calls:
1. pki client-cert-validate - which checks a certificate in the client
certdb and calls the System cert verification call performed by JSS
in the system self test. This does some basic extensions and trust
tests, and also validates cert validity and cert trust chain.
2. pki-server subsystem-cert-validate <subsystem>
This calls pki client-cert-validate using the nssdb for the subsystem
on all of the system certificates by default (or just one if the
nickname is defined).
This is a great thing to call when healthchecking an instance,
and also will be used by pkispawn to verify the signing cert in the
externally signed CA case.
Trac Ticket 2043
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0298-Add-validity-check-for-the-signing-certificate-in-pk.patch
Type: text/x-patch
Size: 9536 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160422/4fe463b8/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: pki-vakwetu-0297-Add-CLI-to-check-system-certificate-status.patch
Type: text/x-patch
Size: 16505 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160422/4fe463b8/attachment-0001.bin>
More information about the Pki-devel
mailing list