It would be nice to add some sanity checks (verify that --external_cert_file's subject name is correct and that its issuer name matches --external_ca_file's subject name) to prevent user's from accidentally reversing them or providing the wrong certs.
This is not a high priority for 2.1.1 release.
Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 2.1.1 (bug fixing)
to comment on this ticket.