diff options
| author | Ade Lee <alee@redhat.com> | 2016-02-27 02:32:14 -0500 |
|---|---|---|
| committer | Endi S. Dewata <edewata@redhat.com> | 2016-04-02 07:36:42 +0200 |
| commit | 574eb27a2db7be57e7e887f3a790cb6370044e5f (patch) | |
| tree | 163c5a38257b9914a3396b9462d22bb142e98b03 /base/util | |
| parent | a8d12675dbc3d77203efbe2f9f551d4d07a5cab2 (diff) | |
| download | pki-574eb27a2db7be57e7e887f3a790cb6370044e5f.tar.gz pki-574eb27a2db7be57e7e887f3a790cb6370044e5f.tar.xz pki-574eb27a2db7be57e7e887f3a790cb6370044e5f.zip | |
Handle import and export of external certs
Ticket 1742 has a case where a third party CA certificate has
been added by IPA to the dogtag certdb for the proxy cert.
There is no way to ensure that this certificate is imported
when the system is cloned.
This patch will allow the user to import third party certificates
into a dogtag instance through CLI commands (pki-server).
The certs are tracked by a new instance level configuration file
external_certs.conf.
Then, when cloning:
1. When the pk12 file is created by the pki-server ca-clone-prepare
command, the external certs are automatically included.
2. When creating the clone, the new pki_server_pk12_path and
password must be provided. Also, a copy of the
external_certs.conf file must be provided.
3. This copy will be read and merged with the existing
external_certs.conf if one exists.
Diffstat (limited to 'base/util')
0 files changed, 0 insertions, 0 deletions