Currently PKI only supports partial migration of an existing CA. See http://pki.fedoraproject.org/wiki/Installing_CA_with_Existing_CA_Certificate
The above installation process will only migrate the CA signing certificate. The other system certificates (i.e. OCSP signing, audit signing, SSL server, and subsystem) will be regenerated on the new CA.
In some cases it might be desired to migrate the other system certificates as well, especially if the keys are already stored in HSM.
This is needed for ticket #2454.
Metadata Update from @edewata: - Issue set to the milestone: UNTRIAGED
Metadata Update from @mharmsen: - Custom field feature adjusted to '' - Custom field reviewer adjusted to '' - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1464549 - Custom field version adjusted to '' - Issue close_status updated to: None - Issue priority set to: critical (was: major) - Issue set to the milestone: 10.4 (was: UNTRIAGED)
Metadata Update from @mharmsen: - Issue set to the milestone: 10.5 (was: 10.4)
Code review:
Fixed in master:
Docs:
Metadata Update from @edewata: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @edewata: - Issue set to the milestone: 10.5.0 (was: 10.5)
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/2400
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.