Stephen Ingram wrote:
On Mon, Apr 9, 2012 at 12:00 PM, Stephen Ingram <sbing...@gmail.com> wrote:
On Mon, Apr 9, 2012 at 11:35 AM, Dmitri Pal <d...@redhat.com> wrote:
On 04/09/2012 02:25 PM, Stephen Ingram wrote:
In an attempt to make the CA certificate from IPA a little more
noticeable for the users in our realm I've successfully used the
--subject option during the ipa-server-install process. It seems
however, that you cannot change the CN from the default "Certificate
Authority". I've added O=, OU= and C=, but as some certificate
managers in browsers/OSes (i.e. Mac OS X) organize certificates by CN
name, it would be nice to point to something representing the company
name instead of the generic Certificate Authority. It even seems that
in the older 2.0 release candidates, they used the default "REALM
Certificate Authority" for the CN instead of just Certificate
Authority. Can this be easily changed so that at least the realm could
be slipped in front of Certificate Authority or customize the CN
altogether?


Please open an RFE ticket.

Done. Ticket 2614.

In the meantime, I've changed
/usr/lib/python2.x/site-packages/ipaserver/install/cainstance.py to
force a CN and obtained a successful install. After the install,
trying to create a cert failed so I also patched
/usr/lib/python2.x/site-packages/ipalib/x509.py to allow for the
different CN. Is there anywhere else I could get into trouble later on
that might also need to be changed?

I think you might have issues if you try to install a replica. You'd probably need to change ipaserver/install/certs.py, plus duplicate the other changes as well.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
