author | Jan Cholasta <jcholast@redhat.com> | 2014-10-08 10:51:31 +0200 |
---|---|---|
committer | Martin Kosek <mkosek@redhat.com> | 2014-10-13 12:18:09 +0200 |
commit | 4cdeacdedfe344e570da99548043a07a6fa24dbe (patch) | |
tree | 3e1316b61f7da81a9241c25fcbfa0a5ace37a4f8 /install/tools/ipa-server-install | |
parent | 9fcc9a0163b7f485deae2fd000ae0ab554f9bb72 (diff) | |
Support MS CS as the external CA in ipa-server-install and ipa-ca-install
Added a new option --external-ca-type which specifies the type of the
external CA. It can be either "generic" (the default) or "ms-cs". If "ms-cs"
is selected, the CSR generated for the IPA CA will include MS template name
extension (OID 1.3.6.1.4.1.311.20.2) with template name "SubCA".
https://fedorahosted.org/freeipa/ticket/4496
Reviewed-By: Martin Kosek <mkosek@redhat.com>
Diffstat (limited to 'install/tools/ipa-server-install')
-rwxr-xr-x | install/tools/ipa-server-install | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index ffff20a27..39c13547c 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -204,6 +204,9 @@ def parse_options(): cert_group = OptionGroup(parser, "certificate system options") cert_group.add_option("", "--external-ca", dest="external_ca", action="store_true", default=False, help="Generate a CSR for the IPA CA certificate to be signed by an external CA") + cert_group.add_option("--external-ca-type", dest="external_ca_type", + type="choice", choices=("generic", "ms-cs"), + help="Type of the external CA") cert_group.add_option("--external-cert-file", dest="external_cert_files", action="append", metavar="FILE", help="File containing the IPA CA certificate and the external CA certificate chain") @@ -375,6 +378,10 @@ def parse_options(): parser.error("You cannot specify service certificate file options " "together with --external-ca") + if options.external_ca_type and not options.external_ca: + parser.error( + "You cannot specify --external-ca-type without --external-ca") + if (options.external_cert_files and any(not os.path.isabs(path) for path in options.external_cert_files)): parser.error("--external-cert-file must use an absolute path") @@ -1164,7 +1171,8 @@ def main(): ca.configure_instance(host_name, domain_name, dm_password, dm_password, csr_file=paths.ROOT_IPA_CSR, subject_base=options.subject, - ca_signing_algorithm=options.ca_signing_algorithm) + ca_signing_algorithm=options.ca_signing_algorithm, + ca_type=options.external_ca_type) else: # stage 2 of external CA installation ca.configure_instance(host_name, domain_name, dm_password, |
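Review bot: The new `--external-ca-type` option in parse_options() is declared without a `default`, so `options.external_ca_type` is `None` unless the user passes it, even though the commit description calls "generic" the default. The check added in the second hunk (`if options.external_ca_type and not options.external_ca`) relies on that `None`; giving the option a real default later would make every run without `--external-ca` fail. I would say so in the help text and next to the check, e.g. `help="Type of the external CA (generic or ms-cs; generic is assumed when omitted)"` and `# external_ca_type deliberately has no optparse default: None means "not given"`. parse_options() starts and ends outside both hunks.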
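Review bot: In the third hunk, `ca_type=options.external_ca_type` passes `None` to `ca.configure_instance()` whenever `--external-ca` is used without `--external-ca-type`, because the option has no default. configure_instance() is not visible on this page, so it should be confirmed that it treats `None` as the "generic" behaviour the commit description promises. If it does not, the call site could pass `ca_type=options.external_ca_type or "generic"`. A short comment on the call, such as `# ca_type is None when --external-ca-type was not given`, would make that contract explicit for whoever next touches the CSR generation path. The surrounding if/else in main() continues outside the hunk.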