diff options
| author | Christina Fu <cfu@dhcp-16-189.sjc.redhat.com> | 2016-08-31 14:03:02 -0700 |
|---|---|---|
| committer | Christina Fu <cfu@dhcp-16-189.sjc.redhat.com> | 2016-08-31 14:03:02 -0700 |
| commit | 1195ee9d6e45783d238edc1799363c21590febce (patch) | |
| tree | e8bf70a530f5053f7dbab409cdfd71884f3b0937 /base/server/python | |
| parent | 1922f77e825c8c0ec742382b752b0a32afbff8a9 (diff) | |
| download | pki-1195ee9d6e45783d238edc1799363c21590febce.tar.gz pki-1195ee9d6e45783d238edc1799363c21590febce.tar.xz pki-1195ee9d6e45783d238edc1799363c21590febce.zip | |
Ticket #2446 pkispawn: make subject_dn defaults unique per instance name (for shared HSM)
When installing multiple instances on the same host sharing the same HSM, if subject_dn's are not specifically spelled out with unique names for each instance, installation will fail with complaints that same subject name and serial number already exist. This happens in the scenario if you are creating a subordinate CA, for example, that's in the same domain name as the root CA. It is very inconvenient that you are expected to spell out subject dn's of all system certs in the pkispawn config file.
This patch changes default.cfg so that the instance name is in the default subject dn, e.g. adding it as an "ou" component: ou=%(pki_instance_name)s
Diffstat (limited to 'base/server/python')
0 files changed, 0 insertions, 0 deletions