mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
Add the CA constraint to the self-signed CA we generate
514027
This commit is contained in:
parent
559c76f761
commit
38ae093c7b
@ -283,14 +283,25 @@ class CertDB(object):
|
||||
# Generate the encryption key
|
||||
self.run_certutil(["-G", "-z", self.noise_fname, "-f", self.passwd_fname])
|
||||
# Generate the self-signed cert
|
||||
self.run_certutil(["-S", "-n", self.cacert_name,
|
||||
p = subprocess.Popen(["/usr/bin/certutil",
|
||||
"-d", self.secdir,
|
||||
"-S", "-n", self.cacert_name,
|
||||
"-s", "cn=IPA Test Certificate Authority",
|
||||
"-x",
|
||||
"-t", "CT,,C",
|
||||
"-2",
|
||||
"-m", self.next_serial(),
|
||||
"-v", self.valid_months,
|
||||
"-z", self.noise_fname,
|
||||
"-f", self.passwd_fname])
|
||||
"-f", self.passwd_fname],
|
||||
stdin=subprocess.PIPE,
|
||||
stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE)
|
||||
# Is this a CA certificate [y/N]? y
|
||||
# Enter the path length constraint, enter to skip [<0 for unlimited pat
|
||||
# Is this a critical extension [y/N]? y
|
||||
p.stdin.write("y\n\n7\n")
|
||||
p.wait()
|
||||
|
||||
def export_ca_cert(self, nickname, create_pkcs12=False):
|
||||
"""create_pkcs12 tells us whether we should create a PKCS#12 file
|
||||
|
Loading…
Reference in New Issue
Block a user