On Mon, 2010-04-05 at 16:51 -0400, Rob Crittenden wrote:
> When using the dogtag CA we can control what the subject of an issued 
> certificate is regardless of what is in the CSR, we just use the CN 
> value. The selfsign CA does not have this capability. The subject format 
> must match the configured format or certificate requests are rejected.
> 
> The default format is CN=%s,O=IPA. certmonger by default issues requests 
> with just CN so all requests would fail if using the selfsign CA.
> 
> This subject base is stored in cn=ipaconfig so we can just fetch that 
> value in the enrollment process and pass it to certmonger to request the 
> right thing.
> 
> Note that this also fixes ipa-join to work with the new argument passing 
> mechanism.
> 
> rob

ack.  pushed to master.

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
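
The subject-format check described in the quoted message, sketched as an added example (this is not FreeIPA or certmonger code). It assumes the requested subject arrives as an RFC 4514 style string and that RDNs are compared case-insensitively and in order; `parse_dn`, `expected_subject` and `subject_allowed` are hypothetical names, and the host names are constructed samples.

```python
import re

# Default subject format quoted in the message above.
DEFAULT_SUBJECT_FORMAT = "CN=%s,O=IPA"

def parse_dn(dn):
    """Split a DN string into normalized (type, value) pairs, honouring backslash escapes."""
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)          # escaped character is taken literally
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        elif ch == "+":
            raise ValueError("multi-valued RDNs are not supported in this sketch")
        else:
            current.append(ch)
    if escaped:
        raise ValueError("dangling escape at end of DN")
    rdns.append("".join(current))
    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN: %r" % rdn)
        # Assumption: type and value are both matched case-insensitively.
        pairs.append((attr.strip().upper(), " ".join(value.split()).casefold()))
    return pairs

def expected_subject(hostname, subject_format=DEFAULT_SUBJECT_FORMAT):
    # Escape DN special characters so a crafted name cannot add extra RDNs.
    safe = re.sub(r'([,+"\\<>;=])', r"\\\1", hostname)
    return subject_format % safe

def subject_allowed(requested_dn, hostname, subject_format=DEFAULT_SUBJECT_FORMAT):
    # Reject anything that does not parse or does not match the configured format.
    try:
        return parse_dn(requested_dn) == parse_dn(expected_subject(hostname, subject_format))
    except ValueError:
        return False

if __name__ == "__main__":
    host = "host.example.com"  # constructed sample
    for dn in ("CN=host.example.com", "CN=host.example.com,O=IPA"):
        print(dn, "->", "accepted" if subject_allowed(dn, host) else "rejected")
```

A CN-only request, the certmonger default the message mentions, is rejected under the default format, while the same CN with the subject base appended is accepted.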
