[Pki-devel] [PATCH] 690 Added mechanism to import system certs via PKCS #12 file.
Ade Lee
alee at redhat.com
Fri Feb 26 18:15:22 UTC 2016
Acked by me. Pushed to master.
On Mon, 2016-02-22 at 23:41 -0600, Endi Sukma Dewata wrote:
> The installation tool has been modified to provide an optional
> pki_server_pkcs12_path property to specify a PKCS #12 file
> containing certificate chain, system certificates, and third-party
> certificates needed by the subsystem being installed.
>
> If the pki_server_pkcs12_path is specified the installation tool
> will no longer download the certificate chain from the security
> domain directly, and it will no longer import the PKCS #12
> containing the entire master NSS database specified in
> pki_clone_pkcs12_path.
>
> For backward compatibility, if the pki_server_pkcs12_path is not
> specified the installation tool will use the old mechanism to
> import the system certificates.
>
> The ConfigurationUtils.verifySystemCertificates() has been modified
> not to catch the exception to help troubleshooting.
>
> https://fedorahosted.org/pki/ticket/1742
>
> Documentations:
> * http://pki.fedoraproject.org/wiki/Installing_CA_Clone
> * http://pki.fedoraproject.org/wiki/Installing_Remote_KRA
> * http://pki.fedoraproject.org/wiki/Exporting_System_Certificates
> * http://pki.fedoraproject.org/wiki/PKI_PKCS12_CLI
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
More information about the Pki-devel
mailing list