Re: [Pki-devel] [pki-devel][PATCH] 0076-MAN-Apply-generateCRMFRequest-removed-from-Firefox-w.patch

Conditionally ACKED by cfu. She wanted me to test the new ECC signing cert only profile I added: Test was a success. Pushed to master Closing ticket #1285 Also release note bug on how to use the new profiles here: https://bugzilla.redhat.com/show_bug.cgi?id=1355849 ----- Original Message ----- From: "John Magne" <jmagne(a)redhat.com&gt; To: "pki-devel" <pki-devel(a)redhat.com&gt;, pki-devel(a)redhat.com Cc: cfu(a)redhat.com Sent: Thursday, July 14, 2016 11:42:36 AM Subject: [pki-devel][PATCH] 0076-MAN-Apply-generateCRMFRequest-removed-from-Firefox-w.patch [MAN] Apply 'generateCRMFRequest() removed from Firefox' workarounds to appropriate 'pki' man page Ticket #1285 This fix will involve the following changes to the source tree. 1. Fixes to the CS.cfg to add two new cert profiles. 2. Make the caDualCert.cfg profile invisible since it has little chance of working any more in Firefox. 3. Create caSigningUserCert.cfg and caSigningECUserCert.cfg to allow the CLI to have convenient profiles from which to enroll signing ONLY certificates. To go along with this I have filed a downstream release note bug that shows exactly how to deploy the new profile to separately create one signing cert and one encryption cert (with archival), which allows one to accomplish what the formater caDualCert profile used to do when Firefox supported it.