If ipa-certupdate is run after updating from CA-less to CA-full, it removes the CA-less CA certificate from the Dogtag NSS database, rendering Dogtag unable to connect to LDAP.
Fix ipa-certupdate to put all installed CA certificate to all relevant filesystem locations to avoid issues like this.
seen in https://bugzilla.redhat.com/show_bug.cgi?id=1256038
Linked to Bugzilla bug: https://bugzilla.redhat.com/show_bug.cgi?id=1301687 (Red Hat Enterprise Linux 7)
ipa-4-2:
ipa-4-3:
Metadata Update from @jcholast: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 4.2.4
Login to comment on this ticket.