mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-25 08:21:05 -06:00
24a5d4d06b
The dns parameter of request_and_wait_for_cert() must be a string of hostnames. * Enforce list/tuple type so that API misuse no longer passes silently. * Add commonNameToSANDefaultImpl to KDCs_PKINIT_Certs profile * Explicitly pass hostname for service certs Fixes: https://pagure.io/freeipa/issue/8685 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com> |
||
---|---|---|
.. | ||
acmeIPAServerCert.cfg | ||
caIPAserviceCert.cfg | ||
caIPAserviceCert.UPGRADE.cfg | ||
IECUserRoles.cfg | ||
KDCs_PKINIT_Certs.cfg | ||
Makefile.am | ||
README |
This directory contains profile TEMPLATES for certificate profiles included in FreeIPA. Do not import these files or modifications thereof - it is likely that Dogtag will accept the configuration, but certificate issuance will fail with the updated configuration. At best, it will not give you the certificates you want. If you want to modify a profile configuration or create a new profile based on an existing profile configuration, you should export the current profile configuration with the command: ipa certprofile-show --out FILENAME PROFILE_NAME After modifying the configuration, update the profile configuration: ipa certprofile-mod --file FILENAME PROFILE_NAME Or if you are creating a new profile: ipa certprofile-import --desc DESC --store 1 \ --file FILENAME NEW_PROFILE_NAME