Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install

The --ca-signing-algorithm option is available in ipa-server-install; make
it available in ipa-ca-install as well.

https://fedorahosted.org/freeipa/ticket/4447

Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Jan Cholasta
2014-10-08 12:18:06 +02:00
committed by Petr Vobornik
parent 3f9d1a71f1
commit cf860c7154
2 changed files with 12 additions and 2 deletions


@@ -72,6 +72,10 @@ def parse_options():
parser.add_option("--external-cert-file", dest="external_cert_files", parser.add_option("--external-cert-file", dest="external_cert_files",
action="append", metavar="FILE", action="append", metavar="FILE",
help="File containing the IPA CA certificate and the external CA certificate chain") help="File containing the IPA CA certificate and the external CA certificate chain")
parser.add_option("--ca-signing-algorithm", dest="ca_signing_algorithm",
type="choice",
choices=('SHA1withRSA', 'SHA256withRSA', 'SHA512withRSA'),
help="Signing algorithm of the IPA CA certificate")
options, args = parser.parse_args() options, args = parser.parse_args()
safe_options = parser.get_safe_opts(options) safe_options = parser.get_safe_opts(options)
@@ -309,18 +313,21 @@ def install_master(safe_options, options):
ca.create_ra_agent_db = False ca.create_ra_agent_db = False
if external == 0: if external == 0:
ca.configure_instance(host_name, domain_name, dm_password, ca.configure_instance(host_name, domain_name, dm_password,
dm_password, subject_base=subject_base) dm_password, subject_base=subject_base,
ca_signing_algorithm=options.ca_signing_algorithm)
elif external == 1: elif external == 1:
ca.configure_instance(host_name, domain_name, dm_password, ca.configure_instance(host_name, domain_name, dm_password,
dm_password, csr_file=paths.ROOT_IPA_CSR, dm_password, csr_file=paths.ROOT_IPA_CSR,
subject_base=subject_base, subject_base=subject_base,
ca_signing_algorithm=options.ca_signing_algorithm,
ca_type=options.external_ca_type) ca_type=options.external_ca_type)
else: else:
ca.configure_instance(host_name, domain_name, dm_password, ca.configure_instance(host_name, domain_name, dm_password,
dm_password, dm_password,
cert_file=external_cert_file.name, cert_file=external_cert_file.name,
cert_chain_file=external_ca_file.name, cert_chain_file=external_ca_file.name,
subject_base=subject_base) subject_base=subject_base,
ca_signing_algorithm=options.ca_signing_algorithm)
ca.stop(ca.dogtag_constants.PKI_INSTANCE_NAME) ca.stop(ca.dogtag_constants.PKI_INSTANCE_NAME)
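Review bot: The `choices` tuple added in parse_options accepts `SHA1withRSA` on equal footing with the SHA-2 options, and the help text does not tell the operator that SHA-1 is collision-weak and only appropriate when an external CA does not support the default. I would say so in the help string, e.g. `help="Signing algorithm of the IPA CA certificate (SHA1withRSA only for legacy external CAs)"`, and consider logging a warning when it is selected. The option also has no `default=`, so `options.ca_signing_algorithm` is None when omitted and all three `configure_instance` calls in install_master pass None; the SHA256withRSA default documented in the man page then depends on how configure_instance treats None, which is outside this page and worth confirming. Both functions continue outside the hunks shown.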


@@ -46,6 +46,9 @@ Type of the external CA. Possible values are "generic", "ms-cs". Default value i
\fB\-\-external\-cert\-file\fR=\fIFILE\fR \fB\-\-external\-cert\-file\fR=\fIFILE\fR
File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times.
.TP .TP
\fB\-\-ca\-signing\-algorithm\fR=\fIALGORITHM\fR
Signing algorithm of the IPA CA certificate. Possible values are SHA1withRSA, SHA256withRSA, SHA512withRSA. Default value is SHA256withRSA. Use this option with --external-ca if the external CA does not support the default signing algorithm.
.TP
\fB\-\-no\-host\-dns\fR \fB\-\-no\-host\-dns\fR
Do not use DNS for hostname lookup during installation Do not use DNS for hostname lookup during installation
.TP .TP