Diffstat (limited to 'install/tools')
-rwxr-xr-x | install/tools/ipa-ca-install | 10 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 10 | ||||
-rw-r--r-- | install/tools/man/ipa-ca-install.1 | 6 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
4 files changed, 27 insertions, 2 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index bd30b27ae..a5c3ad9a6 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -66,6 +66,9 @@ def parse_options():
 default=False, help="unattended installation never prompts the user")
 parser.add_option("--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR to be signed by an external CA")
+ parser.add_option("--external-ca-type", dest="external_ca_type",
+ type="choice", choices=("generic", "ms-cs"),
+ help="Type of the external CA")
 parser.add_option("--external-cert-file", dest="external_cert_files", action="append", metavar="FILE", help="File containing the IPA CA certificate and the external CA certificate chain")
@@ -87,6 +90,10 @@ def parse_options():
 parser.error("You cannot specify --external-cert-file " "together with --external-ca")
+ if options.external_ca_type and not options.external_ca:
+ parser.error(
+ "You cannot specify --external-ca-type without --external-ca")
+
 return safe_options, options, filename
@@ -306,7 +313,8 @@ def install_master(safe_options, options):
 elif external == 1:
 ca.configure_instance(host_name, domain_name, dm_password, dm_password, csr_file=paths.ROOT_IPA_CSR,
- subject_base=subject_base)
+ subject_base=subject_base,
+ ca_type=options.external_ca_type)
 else:
 ca.configure_instance(host_name, domain_name, dm_password, dm_password,
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index ffff20a27..39c13547c 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
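Review bot: The help string of the new `--external-ca-type` option in parse_options() of ipa-ca-install names neither the accepted values nor the default, although the man page added in this commit documents both. I would make it read `help="Type of the external CA: generic or ms-cs (default: generic)"`. The option has no `default=`, and the `--external-ca-type without --external-ca` check added further down only works while an unset value stays None, so a comment such as `# no default: None means "not given", needed by the --external-ca check below` would keep someone from adding `default="generic"` later. The same applies to the matching `cert_group.add_option` hunk in ipa-server-install. parse_options() starts and ends outside this hunk.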
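Review bot: In install_master(), `ca_type=options.external_ca_type` hands None to configure_instance() whenever `--external-ca` is given without `--external-ca-type`, because the option is declared without a default. The man page text in this commit promises "generic" in that case, so the None-to-generic mapping presumably lives in configure_instance(), which is not part of this diff. It is worth confirming that the callee treats None as generic and rejects any other unknown value instead of falling through, since this value decides what is written into the CSR handed to the external CA. If it does not, normalise at the call site with `ca_type=options.external_ca_type or "generic"`. The same call is changed in main() of ipa-server-install, and install_master() continues outside the hunk.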
@@ -204,6 +204,9 @@ def parse_options():
 cert_group = OptionGroup(parser, "certificate system options")
 cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR for the IPA CA certificate to be signed by an external CA")
+ cert_group.add_option("--external-ca-type", dest="external_ca_type",
+ type="choice", choices=("generic", "ms-cs"),
+ help="Type of the external CA")
 cert_group.add_option("--external-cert-file", dest="external_cert_files", action="append", metavar="FILE", help="File containing the IPA CA certificate and the external CA certificate chain")
@@ -375,6 +378,10 @@ def parse_options():
 parser.error("You cannot specify service certificate file options " "together with --external-ca")
+ if options.external_ca_type and not options.external_ca:
+ parser.error(
+ "You cannot specify --external-ca-type without --external-ca")
+
 if (options.external_cert_files and any(not os.path.isabs(path) for path in options.external_cert_files)):
 parser.error("--external-cert-file must use an absolute path")
@@ -1164,7 +1171,8 @@ def main():
 ca.configure_instance(host_name, domain_name, dm_password, dm_password, csr_file=paths.ROOT_IPA_CSR, subject_base=options.subject,
- ca_signing_algorithm=options.ca_signing_algorithm)
+ ca_signing_algorithm=options.ca_signing_algorithm,
+ ca_type=options.external_ca_type)
 else:
 # stage 2 of external CA installation
 ca.configure_instance(host_name, domain_name, dm_password,
diff --git a/install/tools/man/ipa-ca-install.1 b/install/tools/man/ipa-ca-install.1
index 8f7201c20..ba31a289c 100644
--- a/install/tools/man/ipa-ca-install.1
+++ b/install/tools/man/ipa-ca-install.1
@@ -37,6 +37,12 @@ Directory Manager (existing master) password
 \fB\-w\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR
 Admin user Kerberos password used for connection check
 .TP
+\fB\-\-external\-ca\fR
+Generate a CSR for the IPA CA certificate to be signed by an external CA.
+.TP
+\fB\-\-external\-ca\-type\fR=\fITYPE\fR
+Type of the external CA. Possible values are "generic", "ms-cs". Default value is "generic". Use "ms-cs" to include template name required by Microsoft Certificate Services (MS CS) in the generated CSR.
+.TP
 \fB\-\-external\-cert\-file\fR=\fIFILE\fR
 File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times.
 .TP
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 582108e6f..e5c9c319b 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -87,6 +87,9 @@ An unattended installation that will never prompt for user input
 \fB\-\-external\-ca\fR
 Generate a CSR for the IPA CA certificate to be signed by an external CA.
 .TP
+\fB\-\-external\-ca\-type\fR=\fITYPE\fR
+Type of the external CA. Possible values are "generic", "ms-cs". Default value is "generic". Use "ms-cs" to include template name required by Microsoft Certificate Services (MS CS) in the generated CSR.
+.TP
 \fB\-\-external\-cert\-file\fR=\fIFILE\fR
 File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times.
 .TP |