[Freeipa-devel] [PATCH] 420 use proper subject when requesting certs using certmonger

Rob Crittenden Mon, 05 Apr 2010 13:53:50 -0700

When using the dogtag CA we can control what the subject of an issued certificate is regardless of what is in the CSR, we just use the CN value. The selfsign CA does not have this capability. The subject format must match the configured format or certificate requests are rejected.

The default format is CN=%s,O=IPA. certmonger by default issues requests with just CN so all requests would fail if using the selfsign CA.

This subject base is stored in cn=ipaconfig so we can just fetch that value in the enrollment process and pass it to certmonger to request the right thing.

Note that this also fixes ipa-join to work with the new argument passing mechanism.

rob

freeipa-420-certmonger.patch
Description: application/mbox

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

[Freeipa-devel] [PATCH] 420 use proper subject when requesting certs using certmonger

Reply via email to