freeipa

Clone
Source Code
GIT

#3304 [RFE] Create a tool to replace IPA root cert in case IPA is a sub CA
Closed: Duplicate None Opened 11 years ago by dpal.

Closed: Duplicate
Reopen Issue

https://bugzilla.redhat.com/show_bug.cgi?id=886645 (Red Hat Enterprise Linux 6)

Description of problem:

IPA CA can chain to an external CA. An external CA cert can expire or chaining can be changed. There should be a tool that would allow to refresh IPA root CA and update it preserving the key and subject name.

Reassigning to jcholast, as agreed with him.

Moving to current 3.4 month cycle.

3.4 development was shifted for one month, moving tickets to reflect reality better.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

Adjusting time plan - 3.4 development was postponed as we focused on 3.3.x testing and stabilization.

This ticket is not complete yet, moving to next month milestone.

This ticket just focuses on a special case of #3737 - closing is duplicate, let us track the work in #3737 only.

Metadata Update from @dpal:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0 - 2014/04
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
important
None
None
None
None
enhancement
None
None
Certificate management
None
0
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=886645
None
FreeIPA CA can chain to an external CA. An external CA cert can expire or chaining can be changed. A CA certificate renewal tool allowing to refresh FreIPA root CA and to update it while preserving the key and subject name was added.
http://www.freeipa.org/page/V4/CA_certificate_renewal
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.