Issue #2275: add options to enable/disable cert or crl publishing. - dogtagpki

dogtagpki

#2275 add options to enable/disable cert or crl publishing.

Closed: Fixed None Opened 8 years ago by vakwetu.

Dogtag has only one switch -- ca.publish.enable for both CRLs and certs.

If cert publishing is not wanted and not set up (rules etc)., then errors can be found in the system log about publishing errors for each cert.

We need two new config parameters - ca.publishing.cert.enable and ca.publishing.crl.enable which default to True. The old ca.publishing.enable parameter will still exist.

If either is set to false, though, we would expect publishing not to be attempted. In fact, it would be better if the threads for those publishers were not even started.

tscherf commented 8 years ago

Ticket has been cloned to Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1325071

mharmsen commented 8 years ago

Per discussions with alee: 10.3.1

vakwetu commented 7 years ago

commit f0551f75618cd30de3efc3154f37a5f53504896c
Author: Ade Lee alee@redhat.com
Date: Wed May 18 15:33:36 2016 -0400

Add parameters to disable cert or crl publishing

Right now, if publishing is enabled, both CRLs and Cert publishing
is enabled.  This causes a bunch of spurious error messages on
IPA servers as cert publishing is not configured.

As it is impossible to determine if cert publishing is not desired
or simply misconfigured, we provide options to explicitly disable
either cert or crl publishing.

Specifically:
- to enable/disable  both cert and crl publishing:
  ca.publish.enable = True/False

  This is the legacy behavior.

- to enable CRL publishing only:
  ca.publish.enable = True
  ca.publish.cert.enable = False

- to enable cert publishing only:
  ca.publish.enable = True
  ca.publish.crl.enable = False

Ticket 2275

mharmsen commented 7 years ago

Per Offline Triage of 11/30/2016-12/01/2016: 10.4.0 - major

NOTE: This ticket was actually closed in 10.3.2, but will be re-verified in 10.4.0.

Metadata Update from @vakwetu:
- Issue assigned to vakwetu
- Issue set to the milestone: 10.4.0

7 years ago

dmoluguw commented 3 years ago

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2395

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata

Assignee

vakwetu

Tags

None

Blocking

None

Depending on

None

Priority

major

Milestone

10.4.0

lowhangingfruit

None

reporter

None

rhbz

https://bugzilla.redhat.com/show_bug.cgi?id=1325071

type

defect

version

None

keywords

None

cheimes@redhat.com

estimate

None

feature

None

origin

IPA

proposedpriority

None

fixedinversion

None

platforms

None

blockedby

None

blocking

None

reviewer

None

component

General

proposedmilestone

None

dogtagpki

Source Code

#2275 add options to enable/disable cert or crl publishing. Closed: Fixed None Opened 8 years ago by vakwetu.

Metadata

#2275 add options to enable/disable cert or crl publishing.

Closed: Fixed None Opened 8 years ago by vakwetu.