It would be nice to add some sanity checks (verify that --external_cert_file's subject name is correct and that its issuer name matches --external_ca_file's subject name) to prevent user's from accidentally reversing them or providing the wrong certs.
This is not a high priority for 2.1.1 release.
master: 610faff
ipa-2-1: c4f04dd
Metadata Update from @rcritten: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 2.1.1 (bug fixing)
Login to comment on this ticket.