On Mon, 2010-04-05 at 16:51 -0400, Rob Crittenden wrote:
> When using the dogtag CA we can control what the subject of an issued
> certificate is regardless of what is in the CSR, we just use the CN
> value. The selfsign CA does not have this capability. The subject format
> must match the configured format or certificate requests are rejected.
> The default format is CN=%s,O=IPA. certmonger by default issues requests
> with just CN so all requests would fail if using the selfsign CA.
> This subject base is stored in cn=ipaconfig so we can just fetch that
> value in the enrollment process and pass it to certmonger to request the
> right thing.
> Note that this also fixes ipa-join to work with the new argument passing
ack. pushed to master.
Freeipa-devel mailing list