Issue #2614: [RFE] enhance --subject option for ipa-server-install - freeipa - Pagure.io

freeipa

#2614 [RFE] enhance --subject option for ipa-server-install

Closed: Fixed None Opened 12 years ago by sbingram.

Currently the --subject option for ipa-server-install only allows you to add other attributes (e.g. O, OU, C) to the existing CN=Certificate Authority for the IPA CA. In some OSs, certificate authorities are only listed by CN (instead of other attributes in the DN), thus the rather bare entry of "Certificate Authority". In older versions of IPA, there was at least the realm added before such that you had EXAMPLE.COM Certificate Authority. It would be nice to be able to at a minimum return to this behavior, or, even better, be able to set the entire subject including the CN itself such that you would include the organization name in the CN.

dpal commented 11 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=828866

dpal commented 11 years ago

Changing 3.2 priority

mkosek commented 9 years ago

Also, --subject could be removed to --subject-base to be more describing what it is (originally proposed in #2574).

mkosek commented 9 years ago

Stretch goal in 4.2.

mkosek commented 8 years ago

Moving to 4.3, we are too close to 4.2 deadline to be able to handle this stretch RFE.

pvoborni commented 7 years ago

#5900 was closed as duplicate of this ticket.

ftweedal commented 7 years ago

Taking ownership.

jcholast commented 7 years ago

master:

324183c Refactor and relocate set_subject_base_in_config
db66740 installutils: remove hardcoded subject DN assumption
c6db493 installer: rename --subject to --subject-base
6f3eb85 Extract function for computing default subject base
46bf0e8 ipa-ca-install: add missing --subject-base option
f54df62 dsinstance: extract function for writing certmap.conf
09a65df Reuse self.api when executing ca_enabled_check
3d01ec1 Allow full customisability of IPA CA subject DN
0c95a00 Add sanity checks for use of --ca-subject and --subject-base

jcholast commented 7 years ago

Reopening because ipa-ca-install fails unless both --subject-base and --ca-subject are specified.

jcholast commented 7 years ago

master:

87400cd ipa-ca-install: do not fail without --subject-base and --ca-subject

Metadata Update from @sbingram:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5 backlog

7 years ago

Login to comment on this ticket.

Metadata

Assignee

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.5 backlog

cc

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

Installation

blocking

None

on_review

1

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=828866

tester

None

changelog

None

design

None

Powered by Pagure 5.13.3

Documentation • File an Issue • About • SSH Hostkey/Fingerprint

© Red Hat, Inc. and others.