mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
tests: Added basic constraints extension to the CA certs
The IPA installer refuses to accept certs signed with a CA-signature that does not have basic constraints enabled (Described in RFC 5280) Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
parent
bbac233b5e
commit
2f6ffa326a
@ -38,7 +38,10 @@ gen_cert() {
|
|||||||
|
|
||||||
csr="$(mktemp)"
|
csr="$(mktemp)"
|
||||||
crt="$(mktemp)"
|
crt="$(mktemp)"
|
||||||
certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null <<EOF
|
certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 -2 >/dev/null <<EOF
|
||||||
|
y
|
||||||
|
0
|
||||||
|
N
|
||||||
1
|
1
|
||||||
7
|
7
|
||||||
file://$crl_path/$ca.crl
|
file://$crl_path/$ca.crl
|
||||||
|
Loading…
Reference in New Issue
Block a user