On Mon, 2010-04-05 at 16:51 -0400, Rob Crittenden wrote:
> When using the dogtag CA we can control what the subject of an issued
> certificate is regardless of what is in the CSR, we just use the CN
> value. The selfsign CA does not have this capability. The subject format
> must match the configured format or certificate requests are rejected.
>
> The default format is CN=%s,O=IPA. certmonger by default issues requests
> with just CN so all requests would fail if using the selfsign CA.
>
> This subject base is stored in cn=ipaconfig so we can just fetch that
> value in the enrollment process and pass it to certmonger to request the
> right thing.
>
> Note that this also fixes ipa-join to work with the new argument passing
> mechanism.
>
> rob

ack. pushed to master.
