The CLI options for ipa-server-certinstall are not ideal. We should:
Add a --pin option that replaces --dirsrv_pin (used with -d) and --http_pin (used with -w; -d and -w are mutually exclusive). The old options will remain as deprecated aliases.
Add a -p, --dirman-password option to specify the directory manager password (necessary for replacing the DS cert).
Mention in the usage string that
ipa-server-certinstall is now being rewritten for #3641, the change can be included in that devel effort.
First bit done.
master: 02be7ac Add --pin option to ipa-server-certinstall.
ipa-3-3: 02214c4 Add --pin option to ipa-server-certinstall.
I'll keep an eye on this one.
Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1001665
Correcting the release notes
Metadata Update from @pviktori:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 3.3.x - 2013/08 (bug fixing)
to comment on this ticket.