[Pki-devel] [Freeipa-devel] Proposed patch to resolve #828866 [RFE] enhance --subject option for ipa-server-install
Fraser Tweedale
ftweedal at redhat.com
Sun Jul 10 23:37:29 UTC 2016
On Fri, Jul 08, 2016 at 01:18:23PM +0200, Petr Spacek wrote:
> On 8.7.2016 05:42, Fraser Tweedale wrote:
> >
> > 2. If argument contains CN but it is not the "most specific"
> > RDN, move it to the front (to satisfy requirement of Dogtag
> > profile).
>
> I wonder if we can relax the requirement in Dogtag so no reordering is needed.
> After all, DN is just a name, isn't it? Why Dogtag requires particular field
> in DN?
>
Cc pki-devel at . The subject name constraint in the caCAcert profile
is:
policyset.caCertSet.1.constraint.params.pattern=CN=.*
What do you think? Can we relax or remove this constraint - or if
not, why is it required?
Thanks,
Fraser
More information about the Pki-devel
mailing list