summaryrefslogtreecommitdiffstats
path: root/install
diff options
context:
space:
mode:
authorPetr Viktorin <pviktori@redhat.com>2013-03-20 14:44:22 +0100
committerMartin Kosek <mkosek@redhat.com>2013-04-15 13:32:58 +0200
commitb36380fff80d5a6755240bd65b6ef432ef2741e6 (patch)
treeaffb6543927e73784ad967ef256c362ea6b0ca1c /install
parentb8b573a966f4be268031ccca5abce09767928ff7 (diff)
downloadfreeipa.git-b36380fff80d5a6755240bd65b6ef432ef2741e6.tar.gz
freeipa.git-b36380fff80d5a6755240bd65b6ef432ef2741e6.tar.xz
freeipa.git-b36380fff80d5a6755240bd65b6ef432ef2741e6.zip
ipa-server-install: correct help text for --external_{cert,ca}_file
The options take PEM certificates, not PKCS#10. This corrects both the --help output and the man page. https://fedorahosted.org/freeipa/ticket/3523
Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-server-install10
-rw-r--r--install/tools/man/ipa-server-install.14
2 files changed, 7 insertions, 7 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index da3caa08..d400dbab 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -169,9 +169,9 @@ def parse_options():
cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true",
default=False, help="Generate a CSR to be signed by an external CA")
cert_group.add_option("", "--external_cert_file", dest="external_cert_file",
- help="File containing PKCS#10 certificate")
+ help="PEM file containing a certificate signed by the external CA")
cert_group.add_option("", "--external_ca_file", dest="external_ca_file",
- help="File containing PKCS#10 of the external CA chain")
+ help="PEM file containing the external CA chain")
cert_group.add_option("--no-pkinit", dest="setup_pkinit", action="store_false",
default=True, help="disables pkinit setup steps")
cert_group.add_option("--dirsrv_pkcs12", dest="dirsrv_pkcs12",
@@ -670,7 +670,7 @@ def main():
try:
extcert = load_certificate_from_file(options.external_cert_file)
except IOError, e:
- print "Can't load the PKCS#10 certificate: %s." % str(e)
+ print "Can't load the PEM certificate: %s." % str(e)
sys.exit(1)
except nss.error.NSPRError:
print "'%s' is not a valid PEM-encoded certificate." % options.external_cert_file
@@ -679,7 +679,7 @@ def main():
certsubject = DN(str(extcert.subject))
wantsubject = DN(('CN','Certificate Authority'), options.subject)
if certsubject != wantsubject:
- print "Subject of the PKCS#10 certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject)
+ print "Subject of the external certificate is not correct (got %s, expected %s)." % (certsubject, wantsubject)
sys.exit(1)
try:
@@ -694,7 +694,7 @@ def main():
certdict = dict((DN(str(cert.subject)), cert) for cert in extchain)
certissuer = DN(str(extcert.issuer))
if certissuer not in certdict:
- print "The PKCS#10 certificate is not signed by the external CA (unknown issuer %s)." % certissuer
+ print "The external certificate is not signed by the external CA (unknown issuer %s)." % certissuer
sys.exit(1)
cert = extcert
diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1
index 6959a314..59219c14 100644
--- a/install/tools/man/ipa-server-install.1
+++ b/install/tools/man/ipa-server-install.1
@@ -88,10 +88,10 @@ An unattended installation that will never prompt for user input
Generate a CSR to be signed by an external CA
.TP
\fB\-\-external_cert_file\fR=\fIFILE\fR
-File containing PKCS#10 certificate
+PEM file containing a certificate signed by the external CA. Must be given with \-\-external_ca_file.
.TP
\fB\-\-external_ca_file\fR=\fIFILE\fR
-File containing PKCS#10 of the external CA chain
+PEM file containing the external CA chain
.TP
\fB\-\-no\-pkinit\fR
Disables pkinit setup steps