Instructions to generate certificate were changed. Now they use certutil instead of openssl. In the example is also used option for specifying key size.

https://fedorahosted.org/freeipa/ticket/2725
--
Petr Vobornik
From db71ce6967d831200a1a0aaade690f8433269a19 Mon Sep 17 00:00:00 2001
From: Petr Vobornik <pvobo...@redhat.com>
Date: Fri, 11 May 2012 13:33:07 +0200
Subject: [PATCH] Instructions to generate cert use certutil instead of
 openssl

Instructions to generate certificate were changed. Now they use certutil instead of openssl. In the example is also used option for specifying key size.

https://fedorahosted.org/freeipa/ticket/2725
---
 install/ui/test/data/ipa_init.json |    2 +-
 ipalib/plugins/internal.py         |    2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/ui/test/data/ipa_init.json b/install/ui/test/data/ipa_init.json
index 7d394f8a3f01d1206b132e55903b704f1b13ff97..505f49c2c841116243effedb8b833340e3ac0d72 100644
--- a/install/ui/test/data/ipa_init.json
+++ b/install/ui/test/data/ipa_init.json
@@ -178,7 +178,7 @@
                             "privilege_withdrawn": "Privilege Withdrawn",
                             "reason": "Reason for Revocation",
                             "remove_from_crl": "Remove from CRL",
-                            "request_message": "<ol><li>Create a private key in a secure location, for example:<br/># openssl genrsa -out key.pem</li><li>Create a CSR with subject CN=${hostname},O=${realm}, for example:<br/># openssl req -new -key key.pem -out cert.csr \\<br/>&nbsp;&nbsp;&nbsp;&nbsp;-subj '/O=${realm}/CN=${hostname}'</li><li>Copy and paste the CSR below:</li></ol>",
+                            "request_message": "<ol><li>Examples uses NSS database located in current directory. Replace \"-d  .\" in example with \"-d /path/to/database\" if NSS database is located elsewhere. If you don't have a NSS database you can create one in current directory by \"certutil -N -d .\" </li><li>Create a CSR with \"CN=${hostname},O=${realm}\", for example:<br/># certutil -R -d . -a <em title=\"key size in bits\">-g 2048</em> -s 'CN=${hostname},O=${realm}'</li><li>Copy and paste the CSR (the text block which starts with \"-----BEGIN NEW CERTIFICATE REQUEST-----\" and ends with \"-----END NEW CERTIFICATE REQUEST-----\") below:</li></ol>",
                             "restore_certificate": "Restore Certificate for ${entity} ${primary_key}",
                             "restore_confirmation": "To confirm your intention to restore this certificate, click the \"Restore\" button.",
                             "revoke_certificate": "Revoke Certificate for ${entity} ${primary_key}",
diff --git a/ipalib/plugins/internal.py b/ipalib/plugins/internal.py
index 66507c8876df08a608453e653c0730310dc57a15..35ac088ce7a6f0ffde7dac9e52a4ab342c2e37df 100644
--- a/ipalib/plugins/internal.py
+++ b/ipalib/plugins/internal.py
@@ -314,7 +314,7 @@ class i18n_messages(Command):
                 "privilege_withdrawn": _("Privilege Withdrawn"),
                 "reason": _("Reason for Revocation"),
                 "remove_from_crl": _("Remove from CRL"),
-                "request_message": _("<ol><li>Create a private key in a secure location, for example:<br/># openssl genrsa -out key.pem</li><li>Create a CSR with subject CN=${hostname},O=${realm}, for example:<br/># openssl req -new -key key.pem -out cert.csr \\<br/>&nbsp;&nbsp;&nbsp;&nbsp;-subj '/O=${realm}/CN=${hostname}'</li><li>Copy and paste the CSR below:</li></ol>"),
+                "request_message": _("<ol><li>Examples uses NSS database located in current directory. Replace \"-d  .\" in example with \"-d /path/to/database\" if NSS database is located elsewhere. If you don't have a NSS database you can create one in current directory by \"certutil -N -d .\" </li><li>Create a CSR with \"CN=${hostname},O=${realm}\", for example:<br/># certutil -R -d . -a <em title=\"key size in bits\">-g 2048</em> -s 'CN=${hostname},O=${realm}'</li><li>Copy and paste the CSR (the text block which starts with \"-----BEGIN NEW CERTIFICATE REQUEST-----\" and ends with \"-----END NEW CERTIFICATE REQUEST-----\") below:</li></ol>"),
                 "restore_certificate": _("Restore Certificate for ${entity} ${primary_key}"),
                 "restore_confirmation": _("To confirm your intention to restore this certificate, click the \"Restore\" button."),
                 "revoke_certificate": _("Revoke Certificate for ${entity} ${primary_key}"),
-- 
1.7.7.6

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to