I want to make a certificate profile that can issue certificates for hosts, but I want values in certprofile be filled by FreeIPA, and not from certificate request. I can not understand how FreeIPA integrates with DogTag when some IPA-joined host requests certificate with certmonger.
In some profiles I see `$request.req_subject_name.cn$`, but I don't understand if FreeIPA took this value from request or from ldap, did ipa validated this CN owned by requestor or not? In different profiles I found there is `$request.upn$` placeholder, but it just does not work when it's requested by certmonger. Is there a list of parameters FreeIPA passes to DogTag, with information about source of those values and validation against directory? -- _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
