tests: Added basic constraints extension to the CA certs

The IPA installer refuses to accept certs signed with a CA-signature that does not have basic constraints enabled (Described in RFC 5280) Reviewed-By: David Kupka <dkupka@redhat.com>
author: Oleg Fayans <ofayans@redhat.com> 2016-09-07 09:52:33 +0200
committer: David Kupka <dkupka@redhat.com> 2016-09-22 15:20:42 +0200
commit: 2f6ffa326adb4d4e9152463ffa733d559f7be2af (patch)
tree: 8bce3a703516b8740b18a77ac8f885bf86757996 /ipatests/test_integration
parent: bbac233b5ee487ab0e035cf0b861144769a0b738 (diff)
download: freeipa-2f6ffa326adb4d4e9152463ffa733d559f7be2af.tar.gz
freeipa-2f6ffa326adb4d4e9152463ffa733d559f7be2af.tar.xz
freeipa-2f6ffa326adb4d4e9152463ffa733d559f7be2af.zip
1 files changed, 4 insertions, 1 deletions
diff --git a/ipatests/test_integration/scripts/caless-create-pki b/ipatests/test_integration/scripts/caless-create-pki
index f428ebae1..8eefadf69 100644
--- a/ipatests/test_integration/scripts/caless-create-pki
+++ b/ipatests/test_integration/scripts/caless-create-pki
@@ -38,7 +38,10 @@ gen_cert() {
 
     csr="$(mktemp)"
     crt="$(mktemp)"
-    certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 >/dev/null <<EOF
+    certutil -R -d "$dbdir" -s "$subject" -f "$pwfile" -z "$noise" -o "$csr" -4 -2 >/dev/null <<EOF
+y
+0
+N
 1
 7
 file://$crl_path/$ca.crl
author	Oleg Fayans <ofayans@redhat.com>	2016-09-07 09:52:33 +0200
committer	David Kupka <dkupka@redhat.com>	2016-09-22 15:20:42 +0200
commit	2f6ffa326adb4d4e9152463ffa733d559f7be2af (patch)
tree	8bce3a703516b8740b18a77ac8f885bf86757996 /ipatests/test_integration
parent	bbac233b5ee487ab0e035cf0b861144769a0b738 (diff)
download	freeipa-2f6ffa326adb4d4e9152463ffa733d559f7be2af.tar.gz freeipa-2f6ffa326adb4d4e9152463ffa733d559f7be2af.tar.xz freeipa-2f6ffa326adb4d4e9152463ffa733d559f7be2af.zip