Issue #2951: change dogtag audit profile to renew for 2 years and not 6 months - freeipa

freeipa

#2951 change dogtag audit profile to renew for 2 years and not 6 months

Closed: Fixed None Opened 11 years ago by rcritten.

This will eventually apply only to already installed instances.

We noticed during renewal testing that audit cert is issued for 2 years at install time but the renewal profile for it renews for only 6 months.

The dogtag team is going to address new installs, we need to handle upgrades.

rcritten commented 11 years ago

On renewal it uses caSignedLogCert.cfg in the profile subdir

We need to increase policyset.caLogSigningSet.2.default.params.range

rcritten commented 11 years ago

The dogtag BZ is https://bugzilla.redhat.com/show_bug.cgi?id=843979

rcritten commented 11 years ago

attachment
freeipa-rcrit-1055-auditrenewal.patch

rcritten commented 11 years ago

The patch depends on the dogtag 9/10 generalization code from ticket #2846

mkosek commented 11 years ago

master: eb79f5c[[BR]]
ipa-3-0: 8f7625a

Metadata Update from @rcritten:
- Issue assigned to rcritten
- Issue set to the milestone: FreeIPA 3.0 GA

7 years ago

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

normal

Milestone

FreeIPA 3.0 GA

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

Certificate management

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

tester

None

changelog

None

design

None

freeipa

Source Code

#2951 change dogtag audit profile to renew for 2 years and not 6 months Closed: Fixed None Opened 11 years ago by rcritten.

Metadata

#2951 change dogtag audit profile to renew for 2 years and not 6 months

Closed: Fixed None Opened 11 years ago by rcritten.