diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-10-03 12:30:34 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2011-10-04 11:00:42 +0200 |
commit | 28603e0c3ac20390a860347afb7a6ed976166e03 (patch) | |
tree | 277abd57b77dd4d10718a7cee0f77d504420e44b /install/tools/man | |
parent | 48a67d9a2e932b21d55cd5a2668ed8a9f11e1564 (diff) | |
download | freeipa-28603e0c3ac20390a860347afb7a6ed976166e03.tar.gz freeipa-28603e0c3ac20390a860347afb7a6ed976166e03.tar.xz freeipa-28603e0c3ac20390a860347afb7a6ed976166e03.zip |
Be more clear about selfsign option
Installing IPA server --selfsign option is currently a one-way ticket
to server with limited certificate capabilities. Make sure that user
really want to install it by implementing the following steps:
- moving the option to the bottom of certificate options section
- adding a warning to ipa-server-install man page
- adding a warning to ipa-server-install help
- adding a warning to ipa-server-install configuration summary
when one runs ipa-server-install
https://fedorahosted.org/freeipa/ticket/1908
Diffstat (limited to 'install/tools/man')
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 074c8d3dc..7cc4983b8 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -72,9 +72,6 @@ An unattended installation that will never prompt for user input .SS "CERTIFICATE SYSTEM OPTIONS" .TP -\fB\-\-selfsign\fR -Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates -.TP \fB\-\-external\-ca\fR Generate a CSR to be signed by an external CA .TP @@ -107,6 +104,11 @@ The password of the Kerberos KDC PKCS#12 file .TP \fB\-\-subject\fR=\fISUBJECT\fR The certificate subject base (default O=REALM.NAME) +.TP +\fB\-\-selfsign\fR +Configure a self\-signed CA instance for issuing server certificates instead of using dogtag for certificates. + +WARNING: Using this option will restrain the server certificate management capabilities. Please, keep in mind that there is no way to change this setting later. .SS "DNS OPTIONS" .TP |