Hi Fraser and list,

I've wrote a (minimal) draft [1] of the test plan for the Sub CAs feature
and I also have several questions.

Could you please take a look at it?


As described in the last (currently) test case, should it be possible to specify
both the CA and certificate profile in cert-request call?
This way one could use (at least) two ACLs (one affiliated with CA, one with a profile).
Are there such use cases?

Related to this, what happens when CA ACL has specific CA and profile category (all)?
Applicable to other combinations as well. The ACL category semantics is
a bit unclear for me here.

Is there any validation of the CA's DN (syntax)?

How would you approach testing of the Sub CA certificate renewal and key replication (I do not know if this is covered at the respective component's level or not)?

[1]: http://www.freeipa.org/page/V4/Sub-CAs/Test_Plan


Milan Kubik

Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to