[Freeipa-devel] [PATCH] fix PKCS#12 file import
Simo Sorce
ssorce at redhat.com
Fri Jul 11 19:24:14 UTC 2008
On Fri, 2008-07-11 at 11:51 -0400, Rob Crittenden wrote:
>
>
> Fairly major changes to the way PKCS#12 files are handled.
>
> One can now pass in PKCS#12 files to be installed during initial
> installation and when a replica is prepared.
>
> ipa-server-certinstall should finally work as one would expect. This
> can
> be used to install from a PKCS#12 file post-installation.
>
> A few gotchas:
>
> - If you use your own certs you'll need to also get an object signing
> cert to sign the jar file we use for Firefox auto-config. See the
> docs
> here
> http://freeipa.org/page/AdministratorsGuide#Using_Your_Own_Certificate_with_Firefox
> - A PIN is required for all PKCS#12 files
> - When using ipa-server-certinstall services are not automatically
> restarted after installing a new cert.
Wow, quite a patch :-)
At a first read it seem all ok, so I'd ack.
Simo.
--
Simo Sorce * Red Hat, Inc * New York
More information about the Freeipa-devel
mailing list