There's a case where the deployment descriptors in /etc/pki/pki-tomcat/Catalina/localhost were not updated properly during server upgrade:
The fix is to copy the new deployment descriptors from the following locations and overwrite the old files:
There should be an upgrade script to perform the above operations automatically.
If the /var/lib/pki/pki-tomcat/ca/webapps/ca contains customized webapp, the ca.xml can be edited manually afterwards to point back to the old webapp. However, there's no guarantee the old webapp will work properly with the new code.
[08/17/2016] PKI Bug Council: 10.3.6
After much discussion, it was determined that this bug would be marked "critical" and moved to the 10.3.6 Milestone.
Fixed in master (10.4):
For now the /usr/share/pki/ca/conf/Catalina/localhost/ca.xml will not be changed to avoid issues during upgrade.
Cherry-picked in to DOGTAG_10_3_BRANCH:
commit b6a038a81c6f69e636822d7615e97d591c244aa1 Author: Endi S. Dewata <edewata@redhat.com> Date: Wed Aug 24 18:42:05 2016 +0200 Added upgrade script to fix deployment descriptors. An upgrade script has been added to fix missing deployment descriptors or deployment descriptors that are pointing to non-existent or empty folders. https://fedorahosted.org/pki/ticket/2439 (cherry picked from commit b8094e82c46f8d5f18d362404582304ad28407da)
and
commit a98282328a75110775641158830e38ec524e763f Author: Endi S. Dewata <edewata@redhat.com> Date: Thu Aug 25 16:41:51 2016 +0200 Updated RPM spec for RHEL. The RPM spec has been modified to move the upgrade script into the correct folder for RHEL. https://fedorahosted.org/pki/ticket/2439 (cherry picked from commit 1df2d06c0950a4dfc3c149ff87b16ed224a37065)
Cherry-picked in to DOGTAG_10_3_RHEL_BRANCH:
Spec file changes copied in to DOGTAG_10_3_RHEL_BRANCH:
Metadata Update from @edewata: - Issue assigned to edewata - Issue set to the milestone: 10.3.6
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2559
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.