diff options
| author | Jan Cholasta <jcholast@redhat.com> | 2014-10-08 10:51:31 +0200 |
|---|---|---|
| committer | Martin Kosek <mkosek@redhat.com> | 2014-10-13 12:18:09 +0200 |
| commit | 4cdeacdedfe344e570da99548043a07a6fa24dbe (patch) | |
| tree | 3e1316b61f7da81a9241c25fcbfa0a5ace37a4f8 /install/tools/man | |
| parent | 9fcc9a0163b7f485deae2fd000ae0ab554f9bb72 (diff) | |
| download | freeipa-4cdeacdedfe344e570da99548043a07a6fa24dbe.tar.gz freeipa-4cdeacdedfe344e570da99548043a07a6fa24dbe.tar.xz freeipa-4cdeacdedfe344e570da99548043a07a6fa24dbe.zip | |
Support MS CS as the external CA in ipa-server-install and ipa-ca-install
Added a new option --external-ca-type which specifies the type of the
external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs"
is selected, the CSR generated for the IPA CA will include MS template name
extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA".
https://fedorahosted.org/freeipa/ticket/4496
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'install/tools/man')
| -rw-r--r-- | install/tools/man/ipa-ca-install.1 | 6 | ||||
| -rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
2 files changed, 9 insertions, 0 deletions
diff --git a/install/tools/man/ipa-ca-install.1 b/install/tools/man/ipa-ca-install.1 index 8f7201c20..ba31a289c 100644 --- a/install/tools/man/ipa-ca-install.1 +++ b/install/tools/man/ipa-ca-install.1 @@ -37,6 +37,12 @@ Directory Manager (existing master) password \fB\-w\fR \fIADMIN_PASSWORD\fR, \fB\-\-admin\-password\fR=\fIADMIN_PASSWORD\fR Admin user Kerberos password used for connection check .TP +\fB\-\-external\-ca\fR +Generate a CSR for the IPA CA certificate to be signed by an external CA. +.TP +\fB\-\-external\-ca\-type\fR=\fITYPE\fR +Type of the external CA. Possible values are "generic", "ms-cs". Default value is "generic". Use "ms-cs" to include template name required by Microsoft Certificate Services (MS CS) in the generated CSR. +.TP \fB\-\-external\-cert\-file\fR=\fIFILE\fR File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. .TP diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 582108e6f..e5c9c319b 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -87,6 +87,9 @@ An unattended installation that will never prompt for user input \fB\-\-external\-ca\fR Generate a CSR for the IPA CA certificate to be signed by an external CA. .TP +\fB\-\-external\-ca\-type\fR=\fITYPE\fR +Type of the external CA. Possible values are "generic", "ms-cs". Default value is "generic". Use "ms-cs" to include template name required by Microsoft Certificate Services (MS CS) in the generated CSR. +.TP \fB\-\-external\-cert\-file\fR=\fIFILE\fR File containing the IPA CA certificate and the external CA certificate chain. The file is accepted in PEM and DER certificate and PKCS#7 certificate chain formats. This option may be used multiple times. .TP |