From 1530758475c2e21dd732581ff6816e03ca74dede Mon Sep 17 00:00:00 2001
From: Fraser Tweedale <ftweedal@redhat.com>
Date: Mar 22 2017 11:29:23 +0000
Subject: Support 8192-bit RSA keys in default cert profile


Update the caIPAserviceCert profile to accept 8192-bit RSA keys.
Affects new installs only, because there is not yet a facility to
update included profiles.

Fixes: https://pagure.io/freeipa/issue/6319
Reviewed-By: Tomas Krizek <tkrizek@redhat.com>

---

diff --git a/install/share/profiles/caIPAserviceCert.cfg b/install/share/profiles/caIPAserviceCert.cfg
index 6c5102f..1efd206 100644
--- a/install/share/profiles/caIPAserviceCert.cfg
+++ b/install/share/profiles/caIPAserviceCert.cfg
@@ -32,7 +32,7 @@ policyset.serverCertSet.2.default.params.startTime=0
 policyset.serverCertSet.3.constraint.class_id=keyConstraintImpl
 policyset.serverCertSet.3.constraint.name=Key Constraint
 policyset.serverCertSet.3.constraint.params.keyType=RSA
-policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096
+policyset.serverCertSet.3.constraint.params.keyParameters=1024,2048,3072,4096,8192
 policyset.serverCertSet.3.default.class_id=userKeyDefaultImpl
 policyset.serverCertSet.3.default.name=Key Default
 policyset.serverCertSet.4.constraint.class_id=noConstraintImpl