mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-01-11 00:31:56 -06:00
beaa0562dc
Dogtag has implemented a new random serial number scheme they are calling RSNv3. https://github.com/dogtagpki/pki/wiki/Random-Certificate-Serial-Numbers-v3 Given the known issues reported this will be supported in IPA for new installations only. There is no mixing of random servers and non-random servers allowed. Instructions for installing a CA: https://github.com/dogtagpki/pki/blob/master/docs/installation/ca/Installing-CA-with-Random-Serial-Numbers-v3.adoc Instructions for installing a KRA: https://github.com/dogtagpki/pki/blob/master/docs/installation/kra/Installig-KRA-with-Random-Serial-Numbers-v3.adoc The version of random serial numbers is stored within the CA entry of the server. It is stored as a version to allow for future upgrades. If a CA has RSN enabled then any KRA installed will also have it enabled for its identifiers. A new attribute, ipaCaRandomSerialNumberVersion, is added to the IPA CA entry to track the version number in case PKI has future major revisions. This can also be used to determine if RSN is enabled or not. Fixes: https://pagure.io/freeipa/issue/2016 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com> Reviewed-By: Francisco Trivino <ftrivino@redhat.com> Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com> |
||
|---|---|---|
| .. | ||
| man | ||
| ipa-acme-manage.in | ||
| ipa-adtrust-install.in | ||
| ipa-advise.in | ||
| ipa-backup.in | ||
| ipa-ca-install.in | ||
| ipa-cacert-manage.in | ||
| ipa-ccache-sweeper.in | ||
| ipa-cert-fix.in | ||
| ipa-compat-manage.in | ||
| ipa-crlgen-manage.in | ||
| ipa-csreplica-manage.in | ||
| ipa-custodia-check.in | ||
| ipa-custodia.in | ||
| ipa-dns-install.in | ||
| ipa-httpd-kdcproxy.in | ||
| ipa-httpd-pwdreader.in | ||
| ipa-kra-install.in | ||
| ipa-ldap-updater.in | ||
| ipa-managed-entries.in | ||
| ipa-nis-manage.in | ||
| ipa-otptoken-import.in | ||
| ipa-pki-retrieve-key.in | ||
| ipa-pki-wait-running.in | ||
| ipa-pkinit-manage.in | ||
| ipa-replica-conncheck.in | ||
| ipa-replica-install.in | ||
| ipa-replica-manage.in | ||
| ipa-restore.in | ||
| ipa-server-certinstall.in | ||
| ipa-server-install.in | ||
| ipa-server-upgrade.in | ||
| ipa-subids.in | ||
| ipa-winsync-migrate.in | ||
| ipactl.in | ||
| Makefile.am | ||