The default format is CN=%s,O=IPA. certmonger by default issues requests with just CN so all requests would fail if using the selfsign CA.
This subject base is stored in cn=ipaconfig so we can just fetch that value in the enrollment process and pass it to certmonger to request the right thing.
Note that this also fixes ipa-join to work with the new argument passing mechanism.
rob
freeipa-420-certmonger.patch
Description: application/mbox
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel