mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-24 08:00:02 -06:00
tests: Added basic constraints extension to the CA certs
The IPA installer refuses to accept certs signed with a CA-signature that does not have basic constraints enabled (Described in RFC 5280) Reviewed-By: David Kupka <dkupka@redhat.com>
This commit is contained in:
parent
bbac233b5e
commit
2f6ffa326a
@ -38,7 +38,10 @@ gen_cert() {
|
||||
|
||||
csr="$(mktemp)"
|
||||
crt="$(mktemp)"
|
||||
certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null <<EOF
|
||||
certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 -2 >/dev/null <<EOF
|
||||
y
|
||||
0
|
||||
N
|
||||
1
|
||||
7
|
||||
file://$crl_path/$ca.crl
|
||||
|
Loading…
Reference in New Issue
Block a user