To uninstall KRA, pkidestroy needs to remove the connector from CA by calling:
pki --ignore-cert-status UNTRUSTED_ISSUER kraconnector-del
The UNTRUSTED_ISSUER must be ignored because otherwise the CLI will prompt the pkidestroy to trust the CA certificate, which will cause it to hang.
A possible solution is to import the CA certificate during KRA installation using this command:
pki client-import-cert --ca-server
Another possible solution is to prompt the user during pkidestroy whether to trust the CA certificate.
pkidestroy also calls:
pki --ignore-cert-status UNTRUSTED_ISSUER securitydomain-get-install-token
This is no longer valid as the code has been changed.
Metadata Update from @edewata: - Issue assigned to mharmsen - Issue set to the milestone: N/A
Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.
This issue has been cloned to GitHub and is available here: https://github.com/dogtagpki/pki/issues/1165
If you want to receive further updates on the issue, please navigate to the GitHub issue and click on Subscribe button.
Subscribe
Thank you for understanding, and we apologize for any inconvenience.
Login to comment on this ticket.