On 10/09/2014 08:44 AM, Martin Kosek wrote: > On 10/08/2014 01:46 PM, Jan Cholasta wrote: >> Dne 8.10.2014 v 12:49 Martin Kosek napsal(a): >>> On 10/08/2014 11:53 AM, Jan Cholasta wrote: >>>> Hi, >>>> >>>> the attached patch fixes <https://fedorahosted.org/freeipa/ticket/4496>. >>>> >>>> Note that this requires pki-core 10.2.0-3. >>>> >>>> Honza >>> >>> The approach looks OK, but I would like to be better in naming >>> documentation: >>> >>> + cert_group.add_option("--external-ca-type", dest="external_ca_type", >>> + type="choice", choices=("generic", "ms"), >>> + help="Type of the external CA") >>> >>> I would name the option either "ad-cs" or "windows-server-ca", i.e. "Active >>> Directory Certificate Services" or "Windows Server CA". "ms" sounds too >>> generic >>> to me in this context. When using trademarks we should be specific about >>> what >>> do we mean. >> >> Microsoft docs refer to it as "Microsoft Certificate Services" or simply >> "Certificate Services", so I went with "ms-cs". > > Works for me. Just please update the man and refer to this type as "Microsoft > Certificate Services (MS CS)" just in case MS CS alone does not ring a bell of > a user. > > But that's just a minor issue, what is more concerning is that IPA > installation > crashed with the signed CA certificate (this part worked smoothly btw): > > ... > [17/27]: setting audit signing renewal to 2 years > [18/27]: configuring certificate server to start on boot > [19/27]: restarting certificate server > [20/27]: requesting RA certificate from CA > [error] IndexError: list index out of range > Unexpected error - see /var/log/ipaserver-install.log for details: > IndexError: list index out of range > > See > https://mkosek.fedorapeople.org/ticket-4496.tgz > > for related logs.
Jan found the root cause for this failure, we have a bug logged: https://bugzilla.redhat.com/show_bug.cgi?id=1151147 With related workaround specified in https://bugzilla.redhat.com/show_bug.cgi?id=1129558#c11 I was able to install FreeIPA with MS Windows 2012 AD CA. Thus, ACK, pushed to master, ipa-4-1. Next steps with this ticket will be based on how Dogtag approach the reported bug. Martin _______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel