On Mon, 2010-04-05 at 16:51 -0400, Rob Crittenden wrote:
> When using the dogtag CA we can control what the subject of an issued 
> certificate is regardless of what is in the CSR, we just use the CN 
> value. The selfsign CA does not have this capability. The subject format 
> must match the configured format or certificate requests are rejected.
> The default format is CN=%s,O=IPA. certmonger by default issues requests 
> with just CN so all requests would fail if using the selfsign CA.
> This subject base is stored in cn=ipaconfig so we can just fetch that 
> value in the enrollment process and pass it to certmonger to request the 
> right thing.
> Note that this also fixes ipa-join to work with the new argument passing 
> mechanism.
> rob

ack.  pushed to master.

Freeipa-devel mailing list

Reply via email to