On a single host, the set up is Master CA, KRA, OCSP and TKS under one instance and the Clone CA, KRA and TKS on another instance, there is also a SubCA configured on a third tomcat instance.
So, according to man page of pkispawn the security domain parameters are listed in the default section of the config file but the Clone CA still does not join the security domain of the master CA but creates a sec domain of its own as seen from the URL given for the Clone CA after execution of the command pkispawn.
Also although the SubCA need not join the security domain of the master, we tried making the SubCA join the security domain of the master but it created a security domain of its own.
I am attaching the clone CA and SubCA config file for reference.
attachment cloneca_instance.inf
attachment subca_instance.inf
Metadata Update from @saipandi: - Issue set to the milestone: N/A
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1642
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.