Jan Cholasta wrote:
> Hi,
> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4447>.

+    cert_group.add_option("--ca-key-algorithm", dest="ca_key_algorithm",
+                      help="Key algorithm of the IPA CA certificate
(default SHA256withRSA)")

Why not set the default here rather than later?

Should the list of options be added to the man page as well?

Do we want to support the MD*-based signing algorithms? I'd think not.

Seeing the context makes me wonder if we should eventually add options
for CA key size and signing alg as well.


Freeipa-devel mailing list

Reply via email to