On Fri, Jul 08, 2016 at 01:18:23PM +0200, Petr Spacek wrote:
> On 8.7.2016 05:42, Fraser Tweedale wrote:
> >
> >       2. If argument contains CN but it is not the "most specific"
> >       RDN, move it to the front (to satisfy requirement of Dogtag
> >       profile).
>
> I wonder if we can relax the requirement in Dogtag so no reordering is needed.
> After all, a DN is just a name, isn't it? Why does Dogtag require a particular
> field in the DN?

Cc pki-devel@.  The subject name constraint in the caCAcert profile
is:
    policyset.caCertSet.1.constraint.params.pattern=CN=.*
What do you think?  Can we relax or remove this constraint - or if
not, why is it required?
Thanks,
Fraser