Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1129561
IPA can be installed as a Sub CA. In this case we look into a file provided to us that contains the cert from the root CA. In practice the file might conatin more than one cert, i.e. a cert chain. In this case we error our as we expect only one cert and do not know which one should be used. This ticket suggests that instead of just failing and saying that there are more than one cert in the file we should say something like:
There are more than one certificate detected. Subject names: foo bar baz rerun the installation adding an additional argument --some-arg-to-choose-the-cert = <subject name from the list above>
The user will rerun the command choosing the exact cert and would move on. This would be much more usable and would avoid the confusion.
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1129558 (Red Hat Enterprise Linux 7)
Original Bugzilla was closed as duplicate.
master:
ipa-4-1:
Metadata Update from @dpal: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.1
Login to comment on this ticket.