path: root/ipaserver/plugins/ra.py
Commit message | Author | Age | Files | Lines
* Add external CA signing and abstract out the RA backend | Rob Crittenden | 2009-09-15 | 1 | -343/+0
|
| External CA signing is a 2-step process. You first have to run the IPA
| installer which will generate a CSR. You pass this CSR to your external
| CA and get back a cert. You then pass this cert and the CA cert and
| re-run the installer. The CSR is always written to /root/ipa.csr.
|
| A run would look like:
|
| # ipa-server-install --ca --external-ca -p password -a password -r EXAMPLE.COM -u dirsrv -n example.com --hostname=ipa.example.com -U
| [ sign cert request ]
| # ipa-server-install --ca --external-ca -p password -a password --external_cert_file=/tmp/rob.crt --external_ca_file=/tmp/cacert.crt -U -p password -a password -r EXAMPLE.COM -u dirsrv -n example.com --hostname=ipa.example.com
|
| This also abstracts out the RA backend plugin so the self-signed CA we
| create can be used in a running server. This means that the cert plugin
| can request certs (and nothing else). This should let us do online
| replica creation.
|
| To handle the self-signed CA the simple ca_serialno file now contains
| additional data so we don't have overlapping serial numbers in replicas.
| This isn't used yet. Currently the cert plugin will not work on
| self-signed replicas.
|
| One very important change for self-signed CAs is that the CA is no
| longer held in the DS database. It is now in the Apache database.
|
| Lots of general fixes were also made in ipaserver.install.certs
| including:
| - better handling when multiple CA certificates are in a single file
| - A temporary directory for request certs is not always created when
|   the class is instantiated (you have to call setup_cert_request())
|
* Use XML rather than string routines to handle response from dogtag Remove trailing CR/LF from the password file | Rob Crittenden | 2009-04-28 | 1 | -6/+17
|
* Rename errors2.py to errors.py. Modify all affected files. | Pavel Zuna | 2009-04-23 | 1 | -1/+1
|
* Convert the RA plugin to use nsslib and remove the configure methods | Rob Crittenden | 2009-04-20 | 1 | -134/+39
|
* Implement an installer for the Dogtag certificate system. | Rob Crittenden | 2009-04-03 | 1 | -1/+4
|
| The CA is currently not automatically installed. You have to pass in the
| --ca flag to install it.
|
| What works:
| - installation
| - uninstallation
| - cert/ra plugins can issue and retrieve server certs
|
| What doesn't work:
| - self-signed CA is still created and issues Apache and DS certs
| - dogtag and python-nss not in rpm requires
| - requires that CS be in the "pre" install state from pkicreate
|
* Removed 'Assert False' that was mistakenly left in cert.py; small cleanup in cert.py and ra.py imports | Jason Gerard DeRose | 2009-02-17 | 1 | -4/+2
|
* Implemented more elegant way for entire plugin module to be conditionally skipped; updated cert.py and ra.py modules to use this | Jason Gerard DeRose | 2009-02-17 | 1 | -3/+7
|
* Added env.enable_ra variable and change cert.py and ra.py plugin modules to register plugins conditionally | Jason Gerard DeRose | 2009-02-17 | 1 | -1/+2
|
* Cleaned up ra.revoke_certificate() and ra.take_certificate_off_hold(); added more tests in integration.py | Jason Gerard DeRose | 2009-02-17 | 1 | -142/+121
|
* Some cleanup in ra.request_certificate() | Jason Gerard DeRose | 2009-02-17 | 1 | -44/+41
|
* More work on ra.check_request_status() and ra.get_certificate() | Jason Gerard DeRose | 2009-02-17 | 1 | -55/+83
|
* Continued cleanup cert/ra plugins | Jason Gerard DeRose | 2009-02-17 | 1 | -20/+57
|
* Fixed a few problems in ra.py backend plugin | Jason Gerard DeRose | 2009-02-17 | 1 | -4/+2
|
* Started cleanup work on ra plugin; fixed problem in api.bootstrap() when process does not have permission to open log file | Jason Gerard DeRose | 2009-02-17 | 1 | -102/+76
|
* Renamed b_ra.py plugin module to ra.py | Jason Gerard DeRose | 2009-02-17 | 1 | -0/+408