Diffstat (limited to 'ipaserver/install/cainstance.py')
-rw-r--r-- | ipaserver/install/cainstance.py | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 50217086c..2c912206a 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -384,7 +384,8 @@ class CAInstance(DogtagInstance): pkcs12_info=None, master_host=None, csr_file=None, cert_file=None, cert_chain_file=None, master_replication_port=None, - subject_base=None, ca_signing_algorithm=None): + subject_base=None, ca_signing_algorithm=None, + ca_type=None): """Create a CA instance. For Dogtag 9, this may involve creating the pki-ca instance. @@ -414,6 +415,10 @@ class CAInstance(DogtagInstance): self.ca_signing_algorithm = 'SHA256withRSA' else: self.ca_signing_algorithm = ca_signing_algorithm + if ca_type is not None: + self.ca_type = ca_type + else: + self.ca_type = 'generic' # Determine if we are installing as an externally-signed CA and # what stage we're in. @@ -566,6 +571,13 @@ class CAInstance(DogtagInstance): config.set("CA", "pki_external", "True") config.set("CA", "pki_external_csr_path", self.csr_file) + if self.ca_type == 'ms-cs': + # Include MS template name extension in the CSR + config.set("CA", "pki_req_ext_add", "True") + config.set("CA", "pki_req_ext_oid", "1.3.6.1.4.1.311.20.2") + config.set("CA", "pki_req_ext_critical", "False") + config.set("CA", "pki_req_ext_data", "1E0A00530075006200430041") + elif self.external == 2: cert = x509.load_certificate_from_file(self.cert_file) cert_file = tempfile.NamedTemporaryFile() |
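Review bot: In the second hunk, `ca_type` is copied to `self.ca_type` without being checked against the values the code understands, so a mistyped value (a constructed example: `'ms_cs'`) is silently handled like `'generic'` and the CSR is written without the template extension. If the caller, which is not visible here, does not already restrict the option to a fixed set, reject unknown values at this point, e.g. `if self.ca_type not in ('generic', 'ms-cs'): raise ValueError("unsupported ca_type: %r" % self.ca_type)`. The `ca_type=None` parameter added in the first hunk should also be described in the method docstring, which continues outside the hunks shown.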
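Review bot: The value given for `pki_req_ext_data` in the third hunk is an opaque hex literal, and the only comment says nothing about what it encodes. It reads as a DER BMPString (tag `1E`, length `0A`) carrying the UTF-16BE text `SubCA`, which would be the certificate template name requested from the Microsoft CA; a comment such as `# DER BMPString "SubCA" (tag 0x1E, len 0x0A, UTF-16BE): MS certificate template name` would let a reviewer verify exactly what is being asked of the external CA. Because the template name is fixed in the literal, a CA that publishes its subordinate-CA template under another name cannot be served by this branch, and any hand edit of the hex has to keep the length byte in step; building the value from a template-name string would make both checkable. The `if`/`elif self.external` chain that encloses the new block starts and ends outside the hunk.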