[Pki-devel] [PATCH] Certificate Nickname Improvement

Fraser Tweedale ftweedal at redhat.com
Fri Jun 3 06:23:03 UTC 2016


On Thu, Jun 02, 2016 at 11:35:12PM -0600, Matthew Harmsen wrote:
> Please review the attached patch which addresses the following ticket:
> 
>  * PKI TRAC Ticket #1432 - Certificate nickname improvement
>    <https://fedorahosted.org/pki/ticket/432>
> 
> This was tested by successfully:
> 
>  * creating a shared PKI instance containing a CA, KRA, OCSP, TKS, and TPS,
>  * creating a separated CA,
>  * creating a separated KRA,
>  * creating a separated OCSP,
>  * creating a separated TKS,
>  * creating a separated TPS, and
>  * installing a FreeIPA instance
> 
> Detailed contents of the nicknames as they appear in the NSS security
> databases of both the shared PKI instance as well as each of the separated
> PKI instances are detailed in the above ticket.
> 

Not a NACK, but please HOLD this patch until I can thoroughly review
it and determine its impact on IPA.  A lot of the nicknames are
currently hardcoded in IPA.  Installation may work but I can all but
guarantee this will break replica installation and automatic
renewal.

I (or someone) will need time to work out the impact on IPA and
proactively ensure that IPA will continue to work after this change.
(That probably won't happen in time for 10.3.2 release, sorry!)

Thanks,
Fraser



