diff options
author | Endi S. Dewata <edewata@redhat.com> | 2015-11-07 00:09:19 +0100 |
---|---|---|
committer | Matthew Harmsen <mharmsen@pki.usersys.redhat.com> | 2016-02-22 20:19:30 -0700 |
commit | bc0de424aa8c56d2278e41b7786ca202b7e64cc3 (patch) | |
tree | 35800e3d43bcdb58e7c561ab0a058674475aa7c7 /base/server/etc/default.cfg | |
parent | 4a81377c26e68c48b78c90f2a61970373dd1a6fa (diff) | |
download | pki-bc0de424aa8c56d2278e41b7786ca202b7e64cc3.tar.gz pki-bc0de424aa8c56d2278e41b7786ca202b7e64cc3.tar.xz pki-bc0de424aa8c56d2278e41b7786ca202b7e64cc3.zip |
Added mechanism to import existing CA certificate.
The deployment procedure for external CA has been modified
such that it generates the CA CSR before starting the server.
This allows the same procedure to be used to import CA
certificate from an existing server. It also removes the
requirement to keep the server running while waiting to get
the CSR signed by an external CA.
https://fedorahosted.org/pki/ticket/456
(cherry picked from commit 20c985ae773b26f653cac6d22bd9d93923e18c8e)
Diffstat (limited to 'base/server/etc/default.cfg')
-rw-r--r-- | base/server/etc/default.cfg | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index ddd2d8367..1c1ae92b3 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -22,6 +22,7 @@ sensitive_parameters= pki_client_pkcs12_password pki_clone_pkcs12_password pki_ds_password + pki_external_pkcs12_password pki_one_time_pin pki_pin pki_replication_password @@ -365,10 +366,13 @@ pki_req_ext_add=False pki_req_ext_oid=1.3.6.1.4.1.311.20.2 pki_req_ext_critical=False pki_req_ext_data=1E0A00530075006200430041 -pki_external_csr_path=%(pki_instance_configuration_path)s/ca_signing.csr +pki_external_csr_path= pki_external_step_two=False -pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert -pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert +pki_external_ca_cert_chain_path= +pki_external_ca_cert_chain_nickname=caSigningCert External CA +pki_external_ca_cert_path= +pki_external_pkcs12_path= +pki_external_pkcs12_password= pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 |