| author | Jan Cholasta <jcholast@redhat.com> | 2014-10-08 12:18:06 +0200 |
|---|---|---|
| committer | Petr Vobornik <pvoborni@redhat.com> | 2014-10-16 13:33:40 +0200 |
| commit | cf860c71545fe93bebcb7dcb426795240e776eb3 (patch) | |
| tree | a93774a327aef7698a5d33f65b8efc89fc61cd4c /install/tools/ipa-ca-install | |
| parent | 3f9d1a71f1087ab1b203e8ce51eeb14194f7f0a2 (diff) | |
Allow specifying signing algorithm of the IPA CA cert in ipa-ca-install
The --ca-signing-algorithm option is available in ipa-server-install, make
it available in ipa-ca-install as well.
https://fedorahosted.org/freeipa/ticket/4447
Reviewed-By: Petr Vobornik <pvoborni@redhat.com>
Diffstat (limited to 'install/tools/ipa-ca-install')
| -rwxr-xr-x | install/tools/ipa-ca-install | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/install/tools/ipa-ca-install b/install/tools/ipa-ca-install
index a5c3ad9a6..0ea8cf24d 100755
--- a/install/tools/ipa-ca-install
+++ b/install/tools/ipa-ca-install
@@ -72,6 +72,10 @@ def parse_options():
 parser.add_option("--external-cert-file", dest="external_cert_files", action="append", metavar="FILE", help="File containing the IPA CA certificate and the external CA certificate chain")
+ parser.add_option("--ca-signing-algorithm", dest="ca_signing_algorithm",
+ type="choice",
+ choices=('SHA1withRSA', 'SHA256withRSA', 'SHA512withRSA'),
+ help="Signing algorithm of the IPA CA certificate")
 options, args = parser.parse_args()
 safe_options = parser.get_safe_opts(options)
@@ -309,18 +313,21 @@ def install_master(safe_options, options):
 ca.create_ra_agent_db = False
 if external == 0:
 ca.configure_instance(host_name, domain_name, dm_password,
- dm_password, subject_base=subject_base)
+ dm_password, subject_base=subject_base,
+ ca_signing_algorithm=options.ca_signing_algorithm)
 elif external == 1:
 ca.configure_instance(host_name, domain_name, dm_password, dm_password, csr_file=paths.ROOT_IPA_CSR, subject_base=subject_base,
+ ca_signing_algorithm=options.ca_signing_algorithm,
 ca_type=options.external_ca_type)
 else:
 ca.configure_instance(host_name, domain_name, dm_password, dm_password, cert_file=external_cert_file.name, cert_chain_file=external_ca_file.name,
- subject_base=subject_base)
+ subject_base=subject_base,
+ ca_signing_algorithm=options.ca_signing_algorithm)
 ca.stop(ca.dogtag_constants.PKI_INSTANCE_NAME) |
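Review bot: The `choices` tuple of the new `--ca-signing-algorithm` option still offers `SHA1withRSA`, so an operator can request a CA certificate whose signature rests on SHA-1, a hash with known collision weaknesses that relying parties are phasing out. If the value has to stay for parity with ipa-server-install, the help text should mark it as legacy, e.g. `help="Signing algorithm of the IPA CA certificate (SHA1withRSA is legacy; prefer SHA256withRSA or SHA512withRSA)"`. The option also sets no `default=` and the help does not name the algorithm used when the flag is omitted; that value is decided outside this hunk and is worth stating in the help string. parse_options continues outside the hunk.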
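Review bot: `options.ca_signing_algorithm` is forwarded to all three `ca.configure_instance(...)` calls even though it is `None` whenever the flag is omitted, and `configure_instance` is not visible here, so confirm it maps `None` to its own default rather than writing an empty algorithm into the CA configuration. In the `else:` branch the CA certificate arrives already issued through `cert_file=`, so the flag presumably cannot change that certificate's signature; a comment such as `# CA cert is already issued here; the algorithm was fixed when the CSR was generated` or a warning when the flag is supplied at this step would avoid the impression that the requested algorithm was applied. In the `external == 1` branch it likely governs only the CSR's own signature, while the external CA chooses the algorithm of the certificate it issues. install_master starts and ends outside the hunk.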
