This is a clone of ticket #1742 to backport the fix to Dogtag 10.2.x on Fedora 23.
If pki_clone_uri in pkispawn config file points to a host which uses a server cert signed by a 3rd party CA, pkispawn will fail even if the 3rd party CA cert is present in the PKCS#12 file specified by pki_clone_pkcs12_path.
This causes a failure in IPA replica install:
Steps to Reproduce:
1. Run pkispawn with the config described above
Actual results:
pkispawn fails
Expected results:
pkispawn succeeds
Checked into DOGTAG_10_2_5_RHEL_BRANCH:
Spec file changes checked into DOGTAG_10_2_5_RHEL_BRANCH:
- d794dfe2dbb311511ad7987207afd9a9de3fe604
Checked into DOGTAG_10_2_RHEL_BRANCH:
Spec file changes checked into DOGTAG_10_2_RHEL_BRANCH:
RHEL 7.2:
RHCS 9.0.1:
Checked into DOGTAG_10_2_6_BRANCH:
Checked into DOGTAG_10_2_BRANCH:
Resolved in:
Fix for Python hash:
[pki-core-10.2.5-10.el7_2](https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=491283)
[pki-core-10.2.6-13.el7pki](https://brewweb.engineering.redhat.com/brew/buildinfo?buildID=491317)
Metadata Update from @edewata: - Issue assigned to edewata - Issue set to the milestone: 10.2.x
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2326
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Log in to comment on this ticket.