Use the caIPAserviceCert profile for issuing service certs.
This profile enables subject validation and ensures that the subject that the CA issues is uniform. The client can only request a specific CN, the rest of the subject is fixed.
This is the first step of allowing the subject to be set at installation time.
Also fix 2 more issues related to the return results migration.Note that with the selfsign plugin it will still issue the subject that was in the CSR.
rob
freeipa-342-dogtag.patch
Description: application/mbox
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel