diff options
| author | Ade Lee <alee@redhat.com> | 2017-01-20 11:01:41 -0500 |
|---|---|---|
| committer | Ade Lee <alee@redhat.com> | 2017-01-24 12:49:47 -0500 |
| commit | 049a4e3e09328bfcdff62dc189ad95917647fb22 (patch) | |
| tree | 71689109650a38e015322a8659e51e389b9fc644 /base/server | |
| parent | c57875a84e61d6e0a71da5b74a3c2ce0e13132a6 (diff) | |
Add option to remove signing cert entry
In the migration case, it is useful to delete the initially
created signing certificate database record and have that be
imported through the ldif data import instead.
Therefore, we add an option to remove this entry. The user
also needs to provide the serial number for the entry.
This resolves the following tickets/BZs:
BZ# 1409949/Trac 2573 - CA Certificate Issuance Date displayed
on CA website incorrect
BZ# 1409946/Trac 2571 - Request ID undefined for CA signing
certificate
Diffstat (limited to 'base/server')
| -rw-r--r-- | base/server/etc/default.cfg | 2 | ||||
| -rw-r--r-- | base/server/python/pki/server/deployment/pkihelper.py | 6 |
2 files changed, 8 insertions, 0 deletions
diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index f35b6a7d5..b3e056a33 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -291,6 +291,8 @@ pki_ca_signing_key_algorithm=SHA256withRSA pki_ca_signing_key_size=2048 pki_ca_signing_key_type=rsa pki_ca_signing_nickname=caSigningCert cert-%(pki_instance_name)s CA +pki_ca_signing_record_create=True +pki_ca_signing_serial_number=1 pki_ca_signing_signing_algorithm=SHA256withRSA pki_ca_signing_subject_dn=cn=CA Signing Certificate,ou=%(pki_instance_name)s,o=%(pki_security_domain_name)s pki_ca_signing_token= diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index c9fe50d96..2e276f522 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -4020,6 +4020,12 @@ class ConfigClient: # Misc CA parameters if self.subsystem == "CA": data.startingCRLNumber = self.mdict['pki_ca_starting_crl_number'] + data.createSigningCertRecord = ( + self.mdict['pki_ca_signing_record_create'].lower() + ) + data.signingCertSerialNumber = ( + self.mdict['pki_ca_signing_serial_number'].lower() + ) return data |