#3641 ipa-server-certinstall should replace the CA certificate in LDAP
Closed: Fixed None Opened 10 years ago by rcritten.

ipa-server-certinstall replaces the LDAP and Apache certs but doesn't replace the CA cert in LDAP (and probably not in the filesystem either).


Moving open tickets to next month bucket.

We agreed with Rob that CA cert replacement should be done in #3737. The patches provided for this ticket make ipa-server-certinstall work with both CA and CA-less installs as well as fix some other issues, but do not allow replacing CA cert.

Moving all non-critical bugs to 3.3.x bug fixing bucket (FreeIPA 3.3 final was released).

master:

  • 78cf94a Ask for PKCS#12 password interactively in ipa-server-certinstall.
  • (related) 02be7ac Add --pin option to ipa-server-certinstall.
  • 1669253 Untrack old and track new cert with certmonger in ipa-server-certinstall.
  • f2c3ae3 Replace only the cert instead of the whole NSS DB in ipa-server-certinstall.
  • 809123a Ignore empty mod error when updating DS SSL config in ipa-server-certinstall.
  • 59c4aba Remove unused NSSDatabase and CertDB method find_root_cert_from_pkcs12.
  • 2b08168 Port ipa-server-certinstall to the admintool framework.
  • ce711dd Make PKCS#12 handling in ipa-server-certinstall closer to what other tools do.

and ipa-3-3:

  • 43a6af1 Ask for PKCS#12 password interactively in ipa-server-certinstall.
  • (related) 02214c4 Add --pin option to ipa-server-certinstall.
  • 9a114f3 Untrack old and track new cert with certmonger in ipa-server-certinstall.
  • 7dbbb8b Replace only the cert instead of the whole NSS DB in ipa-server-certinstall.
  • ae5661a Ignore empty mod error when updating DS SSL config in ipa-server-certinstall.
  • 2e14298 Remove unused NSSDatabase and CertDB method find_root_cert_from_pkcs12.
  • 5031e3e Port ipa-server-certinstall to the admintool framework.
  • 73c40f5 Make PKCS#12 handling in ipa-server-certinstall closer to what other tools do.

Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 3.3.x - 2013/08 (bug fixing)

7 years ago

Login to comment on this ticket.

Metadata