https://bugzilla.redhat.com/show_bug.cgi?id=705804
Once IPA is configured, the ipaCert subject CN is named as RA Subsystem. This might lead to confusion as IPA does not use dogtag's RA subsystem.
Steps to Reproduce: - Configure IPA - Issue a
and notice the CN of the subject
Actual results: CN says 'RA Subsystem'
[root@neptune alias]# certutil -L -d . -n "ipaCert" | grep RA -A 4 -B 4 Issuer: "CN=Certificate Authority,O=LAB.ENG.PNQ.REDHAT.COM" Validity: Not Before: Thu May 12 06:31:38 2011 Not After : Wed May 01 06:31:38 2013 Subject: "CN=RA Subsystem,O=LAB.ENG.PNQ.REDHAT.COM" Subject Public Key Info: Public Key Algorithm: PKCS #1 RSA Encryption RSA Public Key: Modulus: [root@neptune alias]#
Changing CN to something like 'IPA RA' would be helpful. as RA subsystem from dogtag is not installed, this CN=RA subsystem might lead to confusion
Rob, you think should these directives also be renamed in '/etc/ipa/default.conf'?
enable_ra=True ; ra_plugin=dogtag
No, it is too late to rename them.
attachment freeipa-rcrit-827-ranickname.patch
master: bfee87d
ipa-2-0: 4fb4a85
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.