From f8f3d5868820136422c63f80540f1e1ff5387861 Mon Sep 17 00:00:00 2001
From: Jan Cholasta <jcholast@redhat.com>
Date: Wed, 6 Aug 2014 09:43:19 +0200
Subject: Allow specifying signing algorithm of the IPA CA cert in
 ipa-server-install.

This is especially useful for external CA install, as the algorithm is also
used for the CSR signature.

https://fedorahosted.org/freeipa/ticket/4447

Reviewed-By: Martin Kosek <mkosek@redhat.com>
---
 install/tools/man/ipa-server-install.1 | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'install/tools/man')

diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 8cc2ffa45..ecea26db1 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -123,6 +123,9 @@ PEM file containing the CA certificate of the CA which issued the Directory Serv
 .TP
 \fB\-\-subject\fR=\fISUBJECT\fR
 The certificate subject base (default O=REALM.NAME)
+.TP
+\fB\-\-ca\-signing\-algorithm\fR=\fIALGORITHM\fR
+Signing algorithm of the IPA CA certificate. Possible values are SHA1withRSA, SHA256withRSA, SHA512withRSA. Default value is SHA256withRSA. Use this option with --external-ca if the external CA does not support the default signing algorithm.
 
 .SS "DNS OPTIONS"
 .TP
-- 
cgit