freeipa/install
Rob Crittenden 02e19d0a39 Add SHA384withRSA as a certificate signing algorithm
It required support in dogtag which was added in 10.5.0.

This is only easily configurable during installation because
it will set ca.signing.defaultSigningAlgorithm to the
selected algorithm in CS.cfg

The certificate profiles will generally by default set
default.params.signingAlg=- which means use the CA default.

So while an existing installation will technically allow
SHA384withRSA it will require profile changes and/or
changing the defaultSigningAlgorithm in CS.cfg and
restarting (completely untested). And that won't affect
already issued-certificates.

https://pagure.io/freeipa/issue/8906

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2021-07-09 13:21:00 -04:00
..
certmonger Improve performance of ipa-server-guard 2020-08-19 13:59:11 -04:00
custodia Replace PYTHONSHEBANG with valid shebang 2019-06-24 09:35:57 +02:00
html Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
migration Change FreeIPA references to IPA and Identity Management 2021-01-21 13:51:45 +01:00
oddjob use a constant instead of /var/lib/sss/keytabs 2021-01-22 12:21:33 -05:00
restart_scripts Don't create log files from help scripts 2019-09-24 15:23:30 +02:00
share Add SHA384withRSA as a certificate signing algorithm 2021-07-09 13:21:00 -04:00
tools Add SHA384withRSA as a certificate signing algorithm 2021-07-09 13:21:00 -04:00
ui WebUI: Improve subordinate ids user workflow 2021-07-09 09:47:30 -04:00
updates Fix ipa-server-upgrade 2021-07-09 09:47:30 -04:00
wsgi wgi/plugins.py: ignore empty plugin directories 2020-11-06 16:38:37 -05:00
Makefile.am Move Custodia secrets handler to scripts 2019-04-26 12:09:22 +02:00
README.schema Add some basic rules for adding new schema 2010-08-27 13:40:37 -04:00

Ground rules on adding new schema

Brand new schema, particularly when written specifically for IPA, should be
added in share/*.ldif. Any new files need to be explicitly loaded in
ipaserver/install/dsinstance.py. These simply get copied directly into
the new instance schema directory.

Existing schema (e.g. in an LDAP draft) may either be added as a separate
ldif in share or as an update in the updates directory. The advantage of
adding the schema as an update is if 389-ds ever adds the schema then the
installation won't fail due to existing schema failing to load during
bootstrap.

If the new schema requires a new container then this should be added
to install/bootstrap-template.ldif.