diff options
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-server-install | 13 | ||||
-rw-r--r-- | install/tools/man/ipa-server-install.1 | 3 |
2 files changed, 13 insertions, 3 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 533023f2e..e73a098df 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -227,6 +227,10 @@ def parse_options(): cert_group.add_option("--subject", action="callback", callback=subject_callback, type="string", help="The certificate subject base (default O=<realm-name>)") + cert_group.add_option("--ca-signing-algorithm", dest="ca_signing_algorithm", + type="choice", + choices=('SHA1withRSA', 'SHA256withRSA', 'SHA512withRSA'), + help="Signing algorithm of the IPA CA certificate") parser.add_option_group(cert_group) dns_group = OptionGroup(parser, "DNS options") @@ -1093,7 +1097,8 @@ def main(): dogtag_constants=dogtag.install_constants) if external == 0: ca.configure_instance(host_name, domain_name, dm_password, - dm_password, subject_base=options.subject) + dm_password, subject_base=options.subject, + ca_signing_algorithm=options.ca_signing_algorithm) elif external == 1: # stage 1 of external CA installation options.realm_name = realm_name @@ -1108,14 +1113,16 @@ def main(): write_cache(vars(options)) ca.configure_instance(host_name, domain_name, dm_password, dm_password, csr_file=paths.ROOT_IPA_CSR, - subject_base=options.subject) + subject_base=options.subject, + ca_signing_algorithm=options.ca_signing_algorithm) else: # stage 2 of external CA installation ca.configure_instance(host_name, domain_name, dm_password, dm_password, cert_file=options.external_cert_file, cert_chain_file=options.external_ca_file, - subject_base=options.subject) + subject_base=options.subject, + ca_signing_algorithm=options.ca_signing_algorithm) # Now put the CA cert where other instances exepct it ca.publish_ca_cert(CACERT) diff --git a/install/tools/man/ipa-server-install.1 b/install/tools/man/ipa-server-install.1 index 8cc2ffa45..ecea26db1 100644 --- a/install/tools/man/ipa-server-install.1 +++ b/install/tools/man/ipa-server-install.1 @@ -123,6 +123,9 @@ PEM file containing the CA certificate of the CA which issued the Directory Serv .TP \fB\-\-subject\fR=\fISUBJECT\fR The certificate subject base (default O=REALM.NAME) +.TP +\fB\-\-ca\-signing\-algorithm\fR=\fIALGORITHM\fR +Signing algorithm of the IPA CA certificate. Possible values are SHA1withRSA, SHA256withRSA, SHA512withRSA. Default value is SHA256withRSA. Use this option with --external-ca if the external CA does not support the default signing algorithm. .SS "DNS OPTIONS" .TP |