Add an option so we can generate a new cert for a CA. This is so we can ultimately fix the missing CA basic constraint but it will also allow the CA to be renewed.

This also fixes a small bug when generating the CA basic constraint. It wasn't getting set as Critical because somehow I had it sending a 7 instead of a y :-(

rob

Attachment: freeipa-260-ca.patch
Description: application/mbox

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to