mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
1a35a2e213
The CommonNameToSANDefault component was added to Dogtag 10.4. When a profile is configured to use it, this profile copies the CN in the certificate to the Subject Alternative Name extension as a dNSName (if and only if it does look like a DNS name). It is desirable that the default service profile use this component. Add it to the default profile, for new installations only. For existing installations, until a proper profile update mechanism is implemented, administrators who wish to use it must configure it via the 'certprofile-mod' command. Fixes: https://pagure.io/freeipa/issue/7007 Reviewed-By: Jan Cholasta <jcholast@redhat.com> |
||
---|---|---|
.. | ||
caIPAserviceCert.cfg | ||
IECUserRoles.cfg | ||
KDCs_PKINIT_Certs.cfg | ||
Makefile.am | ||
README |
This directory contains profile TEMPLATES for certificate profiles included in FreeIPA. Do not import these files or modifications thereof - it is likely that Dogtag will accept the configuration, but certificate issuance will fail with the updated configuration. At best, it will not give you the certificates you want. If you want to modify a profile configuration or create a new profile based on an existing profile configuration, you should export the current profile configuration with the command: ipa certprofile-show --out FILENAME PROFILE_NAME After modifying the configuration, update the profile configuration: ipa certprofile-mod --file FILENAME PROFILE_NAME Or if you are creating a new profile: ipa certprofile-import --desc DESC --store 1 \ --file FILENAME NEW_PROFILE_NAME