Hi Fraser and list,
I've wrote a (minimal) draft  of the test plan for the Sub CAs feature
and I also have several questions.
Could you please take a look at it?
As described in the last (currently) test case, should it be possible to
both the CA and certificate profile in cert-request call?
This way one could use (at least) two ACLs (one affiliated with CA, one
with a profile).
Are there such use cases?
Related to this, what happens when CA ACL has specific CA and profile
Applicable to other combinations as well. The ACL category semantics is
a bit unclear for me here.
Is there any validation of the CA's DN (syntax)?
How would you approach testing of the Sub CA certificate renewal and key
(I do not know if this is covered at the respective component's level or
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code