Jan Cholasta wrote:
> Hi,
> 
> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4447>.
> 


+    cert_group.add_option("--ca-key-algorithm", dest="ca_key_algorithm",
+                      help="Key algorithm of the IPA CA certificate
(default SHA256withRSA)")

Why not set the default here rather than later?

Should the list of options be added to the man page as well?

Do we want to support the MD*-based signing algorithms? I'd think not.

Seeing the context makes me wonder if we should eventually add options
for CA key size and signing alg as well.

rob

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to