#61 dogtag-ipa-renew-agent-submit should use https when --agent-submit is specified
Opened 3 years ago by frenaud. Modified 3 years ago

When the CA helper 'dogtag-ipa-renew-agent-submit' is called with the --agent-submit parameter, the default ee url is http://host:8080/ca/ee/ca and the authentication of the agent fails.

This happens because the code is using eeurl?profileSubmitSSLClient (=http://host:8080/ca/ee/ca?profileSubmitSSLClient) for SUBMIT operation with agent, whereas the connection should be authenticated through SSL. This is inconsistent as the eeurl should be https instead of http.
As a result, the submit operation is run without certificate authentication and fails.

Workaround: specify the eeurl using --ee-url https://host:8443/ca/ee/ca when --agent-submit is used.

Metadata Update from @frenaud:
- Issue set to the milestone: 0.0 NEEDS_TRIAGE

3 years ago

Login to comment on this ticket.