Hello, I am new here and I am throwing a bottle into the sea hoping for your help.
I've been working for several days to implement the compliant certificate integration for Stormshield on FreeIPA 4.12. Here is the link : https://documentation.stormshield.eu/SNS/v4/en/Content/DR_Mode/DR-compliance-PKI.htm Ensuring the PKI's compliance with DR mode Is it possible to do that ? Maybe i miss something ? I created a profile cert that only accepts signatures SHA256withEC policyset.caSubCertSet.9.constraint.params.signingAlgsAllowed=SHA256withEC,SHA384withEC,SHA512withEC policyset.caSubCertSet.9.default.class_id=signingAlgDefaultImpl policyset.caSubCertSet.9.default.name=Signing Alg policyset.caSubCertSet.9.default.params.signingAlg=SHA256withEC or policyset.caSubCertSet.9.default.params.signingAlg=SHA256withECDSA freeipa accepts it but Subject Public Key Info: Public Key Algorithm: id-ecPublicKey Signature Algorithm: sha256WithRSAEncryption Signature Value: Signature Algorithm: sha256WithRSAEncryption Is it possible to change this : Signature Algorithm: ecdsa-with-SHA256 I tried to create a sub CA but I don't know if I'm doing it right. Kind regards -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
