Issue #5595: ipa-certupdate breaks Dogtag after CA-less to CA-full update - freeipa

freeipa

#5595 ipa-certupdate breaks Dogtag after CA-less to CA-full update

Closed: Fixed None Opened 8 years ago by jcholast.

If ipa-certupdate is run after updating from CA-less to CA-full, it removes the CA-less CA certificate from the Dogtag NSS database, rendering Dogtag unable to connect to LDAP.

Fix ipa-certupdate to put all installed CA certificate to all relevant filesystem locations to avoid issues like this.

pvoborni commented 8 years ago

seen in https://bugzilla.redhat.com/show_bug.cgi?id=1256038

pvoborni commented 8 years ago

Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1301687 (Red Hat Enterprise Linux 7)

tbabej commented 8 years ago

ipa-4-2:

2314fa6 cert renewal: import all external CA certs on IPA CA cert renewal

tbabej commented 8 years ago

ipa-4-3:

659c5ae cert renewal: import all external CA certs on IPA CA cert renewal

Metadata Update from @jcholast:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.2.4

7 years ago

Metadata

Assignee

jcholast

Tags

None

Blocking

None

Depending on

None

Priority

important

Milestone

FreeIPA 4.2.4

None

affects_doc

None

source

None

knownissue

None

type

defect

blockedby

None

test_case

None

component

IPA

blocking

None

on_review

keywords

None

test_coverage

None

reviewer

None

external_tracker

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1301687

tester

None

changelog

None

design

None

freeipa

Source Code

#5595 ipa-certupdate breaks Dogtag after CA-less to CA-full update Closed: Fixed None Opened 8 years ago by jcholast.

Metadata

#5595 ipa-certupdate breaks Dogtag after CA-less to CA-full update

Closed: Fixed None Opened 8 years ago by jcholast.