freeipa

Clone
Source Code
GIT

#4303 Check for existence of /root/ipa.csr when installing w/external CA
Closed: Fixed None Opened 10 years ago by rcritten.

Closed: Fixed
Reopen Issue

Dogtag will fail the installation if the file /root/ipa.csr exists when doing an external CA installation.

# touch /root/ipa.csr
# ipa-server-install <options> --external-ca

FAIL

It fails because the CSR exists.

This is most often seen on frequent install/uninstall. This may need to be done in two steps:

  • Remove the file on uninstall
  • Check early for the file on install and exit gracefully if it exists

I would also like if the file was moved to /var/lib/ipa/ca.csr.

Right, this is probably what we will need to do in 4.0. This is a requirement from SELinux team, right?

Moving stabilization tickets that do not affect FreeIPA 4.0 release usability in any significant way to 4.0.1 stabilization milestone.

FreeIPA 4.0.1 was released, moving to next bugfixing release milestone.

master:

  • 1313537 Check if /root/ipa.csr exists when installing server with external CA.

ipa-4-1:

  • 1313537 Check if /root/ipa.csr exists when installing server with external CA.

ipa-4-0:

  • 28aed7b Check if /root/ipa.csr exists when installing server with external CA.

Metadata Update from @rcritten:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0.2
7 years ago

Login to comment on this ticket.

Metadata
None
None
None
normal
None
None
None
None
defect
None
None
Installation
None
1
None
None
None
None
0
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.