On Wed, 22 Aug 2018, Rob Crittenden wrote:
Rob Crittenden via FreeIPA-devel wrote:
Alexander Bokovoy via FreeIPA-devel wrote:
< 0> rsa      f9119ce98a883f7f75a72fb32faed0125b1b31a3   my-cert

Thanks for the script, easily reproducible.

I'm not sure why Nalin makes it a requirement to authenticate to the
token to write a certificate. It shouldn't be mandatory AFAIK.

I changed SelfSign to local so that I could have a CA associated with
the cert for validation purposes.

I tested with a build that ifdef'd that bit of code out and a cert is
written but it is written to the sql database and not to the token.
Maybe this is ok. AFAIR NSS is just fine mixing its own database with
the contents of tokens but this isn't expected and of course the trust
flags are ,, because the key isn't in the same place as the cert. It
verifies ok though if I add the local CA to the NSS database.

I have the basics in place so the cert is written to a token but I have
a ton more testing to do.
Thanks.

I also noticed that the issuer, subject and expiration dates aren't
being set in at least the local ca. I need to determine if that is due
to my patches or another bug.
A bit weird, indeed. I haven't noticed that failing in my past tests.

--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
List Archives: 
https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/SXCOST2AVDX5HWWKZH4ES5W2CTOOQI6S/