#5982 [tracker] KRA: installation of second KRA fails
Closed: Fixed None Opened 7 years ago by pvoborni.

  1. Installation of first KRA succeeds.
  2. Installation of second fails with:

    pki-kra-10.3.2-4.fc24.noarch
    freeipa-server-4.3.90.201606161720GIT9b7c12b-0.fc24.x86_64

    2/8]: configuring KRA instance
    2016-06-20T14:34:37Z DEBUG Contents of pkispawn configuration file (/tmp/tmp8ifezo):
    [KRA]
    pki_security_domain_https_port = 443
    pki_security_domain_password = XXXXXXXX
    pki_security_domain_user = admin-ipa3.example.test
    pki_issuing_ca_uri = https://ipa3.example.test:443
    pki_enable_proxy = True
    pki_restart_configured_instance = False
    pki_backup_keys = True
    pki_backup_password = XXXXXXXX
    pki_client_database_dir = /tmp/tmp-d85D2Q
    pki_client_database_password = XXXXXXXX
    pki_client_database_purge = False
    pki_client_pkcs12_password = XXXXXXXX
    pki_admin_name = admin-ipa3.example.test
    pki_admin_uid = admin-ipa3.example.test
    pki_admin_email = root@localhost
    pki_admin_password = XXXXXXXX
    pki_admin_nickname = ipa-ca-agent
    pki_admin_subject_dn = cn=ipa-ca-agent,O=EXAMPLE.TEST
    pki_import_admin_cert = True
    pki_admin_cert_file = /root/.dogtag/pki-tomcat/ca_admin.cert
    pki_client_admin_cert_p12 = /root/ca-agent.p12
    pki_ds_ldap_port = 389
    pki_ds_password = XXXXXXXX
    pki_ds_base_dn = o=kra,o=ipaca
    pki_ds_database = ipaca
    pki_ds_create_new_db = False
    pki_ds_ldaps_port = 636
    pki_ds_secure_connection = True
    pki_ds_secure_connection_ca_pem_file = /etc/ipa/ca.crt
    pki_subsystem_subject_dn = cn=CA Subsystem,O=EXAMPLE.TEST
    pki_ssl_server_subject_dn = cn=ipa3.example.test,O=EXAMPLE.TEST
    pki_audit_signing_subject_dn = cn=KRA Audit,O=EXAMPLE.TEST
    pki_transport_subject_dn = cn=KRA Transport Certificate,O=EXAMPLE.TEST
    pki_storage_subject_dn = cn=KRA Storage Certificate,O=EXAMPLE.TEST
    pki_subsystem_nickname = subsystemCert cert-pki-ca
    pki_ssl_server_nickname = Server-Cert cert-pki-ca
    pki_audit_signing_nickname = auditSigningCert cert-pki-kra
    pki_transport_nickname = transportCert cert-pki-kra
    pki_storage_nickname = storageCert cert-pki-kra
    pki_share_db = True
    pki_share_dbuser_dn = uid=pkidbuser,ou=people,o=ipaca
    pki_security_domain_hostname = ipa4.example.test
    pki_clone = True
    pki_clone_pkcs12_path = /tmp/tmpBw6JMm
    pki_clone_pkcs12_password = XXXXXXXX
    pki_clone_setup_replication = False
    pki_clone_uri = https://ipa4.example.test:443

    2016-06-20T14:34:37Z DEBUG Starting external process
    2016-06-20T14:34:37Z DEBUG args=/usr/sbin/pkispawn -s KRA -f /tmp/tmp8ifezo
    2016-06-20T14:37:06Z DEBUG Process finished, return code=1
    2016-06-20T14:37:06Z DEBUG stdout=Log file: /var/log/pki/pki-kra-spawn.20160620163437.log

Was run on ipa3.example.test

pki-kra-spawn.20160620163437.log:

2016-06-20 16:34:47 pkispawn    : INFO     ... configuring 'pki.server.deployment.scriptlets.configuration'
2016-06-20 16:34:47 pkispawn    : INFO     ....... mkdir -p /root/.dogtag/pki-tomcat/kra
2016-06-20 16:34:47 pkispawn    : DEBUG    ........... chmod 755 /root/.dogtag/pki-tomcat/kra
2016-06-20 16:34:47 pkispawn    : DEBUG    ........... chown 0:0 /root/.dogtag/pki-tomcat/kra
2016-06-20 16:34:47 pkispawn    : INFO     ....... generating '/root/.dogtag/pki-tomcat/kra/password.conf'
2016-06-20 16:34:47 pkispawn    : INFO     ....... modifying '/root/.dogtag/pki-tomcat/kra/password.conf'
2016-06-20 16:34:47 pkispawn    : DEBUG    ........... chmod 660 /root/.dogtag/pki-tomcat/kra/password.conf
2016-06-20 16:34:47 pkispawn    : DEBUG    ........... chown 0:0 /root/.dogtag/pki-tomcat/kra/password.conf
2016-06-20 16:34:47 pkispawn    : INFO     ....... generating '/root/.dogtag/pki-tomcat/kra/pkcs12_password.conf'
2016-06-20 16:34:47 pkispawn    : INFO     ....... modifying '/root/.dogtag/pki-tomcat/kra/pkcs12_password.conf'
2016-06-20 16:34:47 pkispawn    : DEBUG    ........... chmod 660 /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf
2016-06-20 16:34:47 pkispawn    : DEBUG    ........... chown 17:17 /root/.dogtag/pki-tomcat/kra/pkcs12_password.conf
2016-06-20 16:34:47 pkispawn    : INFO     ....... executing 'certutil -N -d /tmp/tmp-d85D2Q -f /root/.dogtag/pki-tomcat/kra/password.conf'
2016-06-20 16:34:47 pkispawn    : INFO     ....... executing 'systemctl daemon-reload'
2016-06-20 16:34:47 pkispawn    : INFO     ....... executing 'systemctl restart pki-tomcatd@pki-tomcat.service'
2016-06-20 16:34:49 pkispawn    : DEBUG    ........... No connection - server may still be down
2016-06-20 16:34:49 pkispawn    : DEBUG    ........... No connection - exception thrown: HTTPSConnectionPool(host='ipa3.example.test', port=8443): Max retries exceeded with url: /kra/admin/kra/getStatus (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f3ac4b14c50>: Failed to establish a new connection: [Errno 111] Connection refused',))
2016-06-20 16:34:50 pkispawn    : DEBUG    ........... No connection - server may still be down
2016-06-20 16:34:50 pkispawn    : DEBUG    ........... No connection - exception thrown: HTTPSConnectionPool(host='ipa3.example.test', port=8443): Max retries exceeded with url: /kra/admin/kra/getStatus (Caused by NewConnectionError('<requests.packages.urllib3.connection.VerifiedHTTPSConnection object at 0x7f3ac4b14350>: Failed to establish a new connection: [Errno 111] Connection refused',))
2016-06-20 16:35:05 pkispawn    : DEBUG    ........... <?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>0</State><Type>KRA</Type><Status>running</Status><Version>10.3.2-4.fc24</Version></XMLResponse>
2016-06-20 16:35:06 pkispawn    : INFO     ....... constructing PKI configuration data.
2016-06-20 16:35:06 pkispawn    : INFO     ....... configuring PKI configuration data.
2016-06-20 16:37:06 pkispawn    : ERROR    ....... Exception from Java Configuration Servlet: 500 Server Error: Internal Server Error for url: https://ipa3.example.test:8443/kra/rest/installer/configure
2016-06-20 16:37:06 pkispawn    : ERROR    ....... ParseError: not well-formed (invalid token): line 1, column 0: {"Attributes":{"Attribute":[]},"ClassName":"com.netscape.certsrv.base.PKIException","Code":500,"Message":"Errors in pushing KRA connector information to the CA: javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error"} 
2016-06-20 16:37:06 pkispawn    : DEBUG    ....... Error Type: ParseError
2016-06-20 16:37:06 pkispawn    : DEBUG    ....... Error Message: not well-formed (invalid token): line 1, column 0
2016-06-20 16:37:06 pkispawn    : DEBUG    .......   File "/usr/sbin/pkispawn", line 528, in main
    scriptlet.spawn(deployer)
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/scriptlets/configuration.py", line 384, in spawn
    json.dumps(data, cls=pki.encoder.CustomTypeEncoder))
  File "/usr/lib/python2.7/site-packages/pki/server/deployment/pkihelper.py", line 3965, in configure_pki_data
    root = ET.fromstring(text)
  File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1300, in XML
    parser.feed(text)
  File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1642, in feed
    self._raiseerror(v)
  File "/usr/lib64/python2.7/xml/etree/ElementTree.py", line 1506, in _raiseerror
    raise err

KRA debug log:

[20/Jun/2016:16:37:04][http-bio-8443-exec-3]: === Finalization ===
[20/Jun/2016:16:37:04][http-bio-8443-exec-3]: Updating existing security domain
[20/Jun/2016:16:37:04][http-bio-8443-exec-3]: Update security domain using admin interface
[20/Jun/2016:16:37:04][http-bio-8443-exec-3]: ConfigurationUtils: updateDomainXML start hostname=ipa4.example.test port=443
[20/Jun/2016:16:37:04][http-bio-8443-exec-3]: ConfigurationUtils: POST https://ipa4.example.test:443/ca/admin/ca/updateDomainXML
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: ConfigurationUtils: updateDomainXML: status=0
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: updateSecurityDomain(): Dump contents of updated Security Domain . . .
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: ConfigurationUtils: getting domain info
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: ConfigurationUtils: GET https://ipa4.example.test:443/ca/admin/ca/getDomainXML
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: ConfigurationUtils: status: 0
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: ConfigurationUtils: domain info: <?xml version="1.0" encoding="UTF-8" standalone="no"?><DomainInfo><Name>IPA</Name><CAList><CA><Host>ipa1.example.test</Host><UnSecur
ePort>80</UnSecurePort><SecurePort>443</SecurePort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAdminPort><Clone>FALSE</Clone><SubsystemNa
me>CA ipa1.example.test 8443</SubsystemName><DomainManager>TRUE</DomainManager></CA><CA><Host>ipa2.example.test</Host><UnSecurePort>80</UnSecurePort><SecurePort>443</SecurePort><SecureEEClientAuthPort>443</Secur
eEEClientAuthPort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAdminPort><Clone>TRUE</Clone><SubsystemName>CA ipa2.example.test 8443</SubsystemName><DomainManager>TRUE</DomainManager></CA><C
A><Host>ipa3.example.test</Host><UnSecurePort>80</UnSecurePort><SecurePort>443</SecurePort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAd
minPort><Clone>TRUE</Clone><SubsystemName>CA ipa3.example.test 8443</SubsystemName><DomainManager>TRUE</DomainManager></CA><CA><Host>ipa4.example.test</Host><UnSecurePort>80</UnSecurePort><SecurePort>443</Secure
Port><SecureEEClientAuthPort>443</SecureEEClientAuthPort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAdminPort><Clone>TRUE</Clone><SubsystemName>CA ipa4.example.test 8443</SubsystemName><Do
mainManager>TRUE</DomainManager></CA><CA><Host>ipa5.example.test</Host><UnSecurePort>80</UnSecurePort><SecurePort>443</SecurePort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><SecureAgentPort>443</SecureA
gentPort><SecureAdminPort>443</SecureAdminPort><Clone>TRUE</Clone><SubsystemName>CA ipa5.example.test 8443</SubsystemName><DomainManager>TRUE</DomainManager></CA><SubsystemCount>5</SubsystemCount></CAList><KRALi
st><KRA><Host>ipa4.example.test</Host><UnSecurePort>80</UnSecurePort><SecurePort>443</SecurePort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</Se
cureAdminPort><Clone>FALSE</Clone><SubsystemName>KRA ipa4.example.test 8443</SubsystemName><DomainManager>FALSE</DomainManager></KRA><KRA><Host>ipa3.example.test</Host><UnSecurePort>80</UnSecurePort><SecurePort>
443</SecurePort><SecureEEClientAuthPort>443</SecureEEClientAuthPort><SecureAgentPort>443</SecureAgentPort><SecureAdminPort>443</SecureAdminPort><Clone>TRUE</Clone><SubsystemName>KRA ipa3.example.test 8443</Subsy
stemName><DomainManager>FALSE</DomainManager></KRA><SubsystemCount>2</SubsystemCount></KRAList><OCSPList><SubsystemCount>0</SubsystemCount></OCSPList><TKSList><SubsystemCount>0</SubsystemCount></TKSList><RAList>
<SubsystemCount>0</SubsystemCount></RAList><TPSList><SubsystemCount>0</SubsystemCount></TPSList></DomainInfo>
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: updateConnectorInfo(): Transport certificate is being setup in https://ipa3.example.test:443
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: updateConnectorInfo start
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: ConfigurationUtils: POST https://ipa3.example.test:443/ca/admin/ca/updateConnector
javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.handleErrorStatus(ClientInvocation.java:189)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.extractResult(ClientInvocation.java:154)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocation.invoke(ClientInvocation.java:444)
        at org.jboss.resteasy.client.jaxrs.internal.ClientInvocationBuilder.post(ClientInvocationBuilder.java:201)
        at com.netscape.certsrv.client.PKIConnection.post(PKIConnection.java:476)
        at com.netscape.cms.servlet.csadmin.ConfigurationUtils.post(ConfigurationUtils.java:248)
        at com.netscape.cms.servlet.csadmin.ConfigurationUtils.updateConnectorInfo(ConfigurationUtils.java:3974)
        at com.netscape.cms.servlet.csadmin.ConfigurationUtils.updateConnectorInfo(ConfigurationUtils.java:3967)
        at org.dogtagpki.server.kra.rest.KRAInstallerService.finalizeConfiguration(KRAInstallerService.java:47)
        at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:226)
        at org.dogtagpki.server.rest.SystemConfigService.configure(SystemConfigService.java:121)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.jboss.resteasy.core.MethodInjectorImpl.invoke(MethodInjectorImpl.java:137)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invokeOnTarget(ResourceMethodInvoker.java:280)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:234)
        at org.jboss.resteasy.core.ResourceMethodInvoker.invoke(ResourceMethodInvoker.java:221)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:356)
        at org.jboss.resteasy.core.SynchronousDispatcher.invoke(SynchronousDispatcher.java:179)
        at org.jboss.resteasy.plugins.server.servlet.ServletContainerDispatcher.service(ServletContainerDispatcher.java:220)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:56)
        at org.jboss.resteasy.plugins.server.servlet.HttpServletDispatcher.service(HttpServletDispatcher.java:51)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:729)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:286)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:283)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:318)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:173)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:286)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:190)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:186)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:286)
        at org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:283)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        at org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:318)
        at org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:258)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:237)
        at org.apache.catalina.core.ApplicationFilterChain.access$000(ApplicationFilterChain.java:56)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:190)
        at org.apache.catalina.core.ApplicationFilterChain$1.run(ApplicationFilterChain.java:186)
        at java.security.AccessController.doPrivileged(Native Method)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:185)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:213)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:106)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:502)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:141)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:79)
        at org.apache.catalina.valves.AbstractAccessLogValve.invoke(AbstractAccessLogValve.java:616)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:88)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:522)
        at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1095)
        at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:672)
        at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:277)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:745)
[20/Jun/2016:16:37:06][http-bio-8443-exec-3]: Errors in pushing KRA connector information to the CA: javax.ws.rs.InternalServerErrorException: HTTP 500 Internal Server Error

Env:

[pvoborni@ipa2 ~]$ ipa server-find --servroles="CA server" --pkey-only
---------------------
5 IPA servers matched
---------------------
  Server name: ipa1.example.test

  Server name: ipa2.example.test

  Server name: ipa3.example.test

  Server name: ipa4.example.test

  Server name: ipa5.example.test
----------------------------
Number of entries returned 5
----------------------------


[pvoborni@ipa2 ~]$ ipa server-find --servroles="KRA server" --pkey-only
--------------------
1 IPA server matched
--------------------
  Server name: ipa4.example.test
----------------------------
Number of entries returned 1
----------------------------

CA debug log snippet from ipa3.example.test:

[20/Jun/2016:16:35:02][localhost-startStop-1]: LdapAuthInfo: init begins
[20/Jun/2016:16:35:02][localhost-startStop-1]: LdapAuthInfo: init ends
[20/Jun/2016:16:35:02][localhost-startStop-1]: init: before makeConnection errorIfDown is true
[20/Jun/2016:16:35:02][localhost-startStop-1]: makeConnection: errorIfDown true
[20/Jun/2016:16:35:02][localhost-startStop-1]: LdapJssSSLSocket set client auth cert nicknamesubsystemCert cert-pki-ca
Could not connect to LDAP server host ipa3.example.test port 636 Error netscape.ldap.LDAPException: IO Error creating JSS SSL Socket (-1)
        at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.makeConnection(LdapBoundConnFactory.java:205)
        at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:166)
        at com.netscape.cmscore.ldapconn.LdapBoundConnFactory.init(LdapBoundConnFactory.java:130)
        at com.netscape.cmscore.dbs.DBSubsystem.init(DBSubsystem.java:654)
        at com.netscape.cmscore.apps.CMSEngine.initSubsystem(CMSEngine.java:1166)
        at com.netscape.cmscore.apps.CMSEngine.initSubsystems(CMSEngine.java:1072)
        at com.netscape.cmscore.apps.CMSEngine.init(CMSEngine.java:568)

This is caused by the inclusion of CA signing certificate in the PKCS #12 for KRA clone which causes the trust flags of the CA signing certificate in the clone's NSS database to be overwritten.

To fix the problem PKI will be fixed to ignore the CA signing certificate in PKCS #12 file if it already exists in the NSS database:
https://fedorahosted.org/pki/ticket/2374

In the future IPA can be fixed not to include the CA signing certificate into the PKCS #12 file.

PKI ticket #2374 has been fixed. Please change the dependency to PKI 10.3.4.

PKI dependency was already raised to 10.3.4 in "Set default OCSP URI on install and upgrade" patch: 45daffa

Metadata Update from @pvoborni:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.4

7 years ago

Login to comment on this ticket.

Metadata