#7523 external CA installation: step two reports self-signed configuration
Closed: fixed 5 years ago Opened 5 years ago by ftweedal.

FreeIPA installation reports the CA configuration that will be used, including
whether the CA is self-signed or externally-signed, e.g.:

...
The CA will be configured with:                     
Subject DN:   CN=Certificate Authority,o=IPA.LOCAL 201805021017
Subject base: o=IPA.LOCAL 201805021017                         
Chaining:     externally signed (two-step installation)        
...

Installation with external CA takes two steps. The first step correctly reports
the externally signed configuration (like the above), but the second step reports
a self-signed configuration:

The CA will be configured with:                     
Subject DN:   CN=Certificate Authority,o=IPA.LOCAL 201805021017
Subject base: o=IPA.LOCAL 201805021017                         
Chaining:     self-signed                                      

The CA is externally signed, but the configuration gets reported incorrectly at the
second step. This could confuse the administrator.


Metadata Update from @ftweedal:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1894

5 years ago

Metadata Update from @cheimes:
- Issue set to the milestone: FreeIPA 4.6.4

5 years ago

master:

  • 6659392 install: fix reported external CA configuration

Metadata Update from @cheimes:
- Issue set to the milestone: FreeIPA 4.7 (was: FreeIPA 4.6.4)

5 years ago

Metadata Update from @cheimes:
- Issue close_status updated to: fixed

5 years ago

Login to comment on this ticket.

Metadata