Issue #6455: Add example of RDN order for ipa-server-install --subject - freeipa

freeipa

#6455 Add example of RDN order for ipa-server-install --subject

Closed: Fixed None Opened 7 years ago by cheimes.

The --subject argument of ipa-server-install takes RDN in LDAP order ('OU=freeipa, C=US'), not in X.509 order as used by browsers ('C=US, OU=freeipa'). The unexpected order can cause some confusion and break an installation. ipa-server-install --help should mention the order:

The certificate subject base (default O=<realm-name>). RDNs are in LDAP order (e.g. 'O=REALM, OU=freeipa, C=US').

pvoborni commented 7 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=828866 (Red Hat Enterprise Linux 7)

ftweedal commented 7 years ago

A commit to resolve this is part of pull request:
https://github.com/freeipa/freeipa/pull/245

jcholast commented 7 years ago

master:

3f56609 Indicate that ca subject / subject base uses LDAP RDN order

Metadata Update from @cheimes:
- Issue assigned to ftweedal
- Issue set to the milestone: FreeIPA 4.5

7 years ago

Metadata

Assignee

ftweedal

Tags

None

Blocking

None

Depending on

None

Priority

minor

Milestone

FreeIPA 4.5

None

affects_doc

None

source

None

knownissue

None

type

enhancement

blockedby

None

test_case

None

component

Installation

blocking

None

on_review

None

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=828866

tester

None

changelog

None

design

None

freeipa

Source Code

#6455 Add example of RDN order for ipa-server-install --subject Closed: Fixed None Opened 7 years ago by cheimes.

Metadata

#6455 Add example of RDN order for ipa-server-install --subject

Closed: Fixed None Opened 7 years ago by cheimes.