On 2.8.2016 05:57, Fraser Tweedale wrote:
>> > Hah! This is what I get for thinking I know what the output has to look
>> > like, and not testing all the way through to requesting the cert. I'll
>> > change the profile to generate a subject with CN= instead of UID=. Updated
>> > patch is attached. Unfortunately these rules are only updated at
>> > ipa-server-install time, so if you'd like to fix it without reinstalling:
>> > 
> (Tangential commentary...) Yeah, currently cert-request demands the
> CN.  There is a design to relax the requirement to handle empty
> subject names (look at SAN only).  IMO it would make sense to accept
> other "obvious" mappings in Subject DN like accepting UID instead of
> CN for user subjects, but that would be a separate RFE.  No one has
> actually asked for it yet :)

Side-note:
I thought that the subject format is enforced by the certificate profile on the server.
Am I wrong?

-- 
Petr^2 Spacek
