From da4ca36ef5e378f55259438b4f72491d0966e5e7 Mon Sep 17 00:00:00 2001 From: Fraser Tweedale Date: Thu, 8 Oct 2015 01:09:22 -0400 Subject: Lightweight CAs: enrol cert via profile subsystem Enrol new CA certs via the profile subsystem to ensure that the usual audit events are logged and to avoid the nasty ConfigStore hack used to generate the cert via CertUtil. This commit also fixes an issue where the new CA certificate does not have the correct Authority Key Identifier extension. Fixes: https://fedorahosted.org/pki/ticket/1624 Fixes: https://fedorahosted.org/pki/ticket/1632 --- base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java | 3 +++ 1 file changed, 3 insertions(+) (limited to 'base/common/src/com/netscape') diff --git a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java index 96bc39229..376654e98 100644 --- a/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java +++ b/base/common/src/com/netscape/certsrv/ca/ICertificateAuthority.java @@ -34,6 +34,7 @@ import netscape.security.x509.X509CertInfo; import org.mozilla.jss.crypto.SignatureAlgorithm; +import com.netscape.certsrv.authentication.IAuthToken; import com.netscape.certsrv.base.EBaseException; import com.netscape.certsrv.base.IConfigStore; import com.netscape.certsrv.base.ISubsystem; @@ -562,6 +563,7 @@ public interface ICertificateAuthority extends ISubsystem { * Create a new sub-CA under the specified parent CA. */ public ICertificateAuthority createCA( + IAuthToken authToken, String dn, AuthorityID parentAID, String desc) throws EBaseException; @@ -572,6 +574,7 @@ public interface ICertificateAuthority extends ISubsystem { * caller's responsibility. */ public ICertificateAuthority createSubCA( + IAuthToken authToken, String dn, String desc) throws EBaseException; -- cgit