Pathlen is always -1 in CA signing cert.It will be good if it can be a configurable attribute so it can be set during runtime based on use case. openssl also give uses permissions to configure it based on their requirement.
manual edit can be done to pki/base/ca/shared/conf/caCert.profile (in the pre-installation area) 5.default.params.basicConstraintsPathLen=-1
two action items: 1. We should document this in both doc and man pages. 2. per discussion today, please file separate bug for handling customized profiles (or other things)
Per CS/DS Triage Meeting of 03/22/2016: 10.3
Provide this information in a man page.
I created ticket #2244 for future enhancements.
This can be done without new deployment parameters: http://pki.fedoraproject.org/wiki/Custom_Installation#Customizing_system_certificate_profile
Metadata Update from @gkapoor: - Issue set to the milestone: 10.3.1
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2344
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.