diff options
author | Endi S. Dewata <edewata@redhat.com> | 2015-11-07 00:09:19 +0100 |
---|---|---|
committer | Endi S. Dewata <edewata@redhat.com> | 2015-11-25 00:26:21 +0100 |
commit | 20c985ae773b26f653cac6d22bd9d93923e18c8e (patch) | |
tree | d10cf2d40b0434e35c0214700f26d4998db6778c /base/server/etc/default.cfg | |
parent | ec9c68d68eabff3784fcf6dabf2c6745734b3c9c (diff) | |
download | pki-20c985ae773b26f653cac6d22bd9d93923e18c8e.tar.gz pki-20c985ae773b26f653cac6d22bd9d93923e18c8e.tar.xz pki-20c985ae773b26f653cac6d22bd9d93923e18c8e.zip |
Added mechanism to import existing CA certificate.
The deployment procedure for external CA has been modified
such that it generates the CA CSR before starting the server.
This allows the same procedure to be used to import CA
certificate from an existing server. It also removes the
requirement to keep the server running while waiting to get
the CSR signed by an external CA.
https://fedorahosted.org/pki/ticket/456
Diffstat (limited to 'base/server/etc/default.cfg')
-rw-r--r-- | base/server/etc/default.cfg | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index ddd2d8367..1c1ae92b3 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -22,6 +22,7 @@ sensitive_parameters= pki_client_pkcs12_password pki_clone_pkcs12_password pki_ds_password + pki_external_pkcs12_password pki_one_time_pin pki_pin pki_replication_password @@ -365,10 +366,13 @@ pki_req_ext_add=False pki_req_ext_oid=1.3.6.1.4.1.311.20.2 pki_req_ext_critical=False pki_req_ext_data=1E0A00530075006200430041 -pki_external_csr_path=%(pki_instance_configuration_path)s/ca_signing.csr +pki_external_csr_path= pki_external_step_two=False -pki_external_ca_cert_chain_path=%(pki_instance_configuration_path)s/external_ca_chain.cert -pki_external_ca_cert_path=%(pki_instance_configuration_path)s/external_ca.cert +pki_external_ca_cert_chain_path= +pki_external_ca_cert_chain_nickname=caSigningCert External CA +pki_external_ca_cert_path= +pki_external_pkcs12_path= +pki_external_pkcs12_password= pki_import_admin_cert=False pki_ocsp_signing_key_algorithm=SHA256withRSA pki_ocsp_signing_key_size=2048 |