There are several issues with external CA install: - The file /root/ipa.csr must exist in order to start the second step, but it isn't used anywhere in the second step, - when reading the answer cache, the installer asks for confirmation of the directory manager password, - the default hostname is stored in the answer cache instead of the hostname specified by the user, - DNS forwarders and reverse zone aren't stored in the answer cache.
/root/ipa.csr is passed in as csr_file into the constructor in cainstance.py. It gets passed into pkisilent with -ext_csr_file.
The answer cache is encrypted using the DM password which is why we propmt for it. The prompt may not be the best.
master: a264125
ipa-2-0: d466612
Metadata Update from @jcholast: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 2.1 - 2011/07
Login to comment on this ticket.