016e668 Add ipa-cert-fix tool

Authored and Committed by ftweedal 4 years ago
    Add ipa-cert-fix tool
    
    The ipa-cert-fix tool wraps `pki-server cert-fix`, performing
    additional certificate requests for non-Dogtag IPA certificates and
    performing additional actions.  In particular:
    
    - Run cert-fix with arguments particular to the IPA deployment.
    
    - Update IPA RA certificate in the ipara user entry (if renewed).
    
    - Add shared certificates (if renewed) to the ca_renewal LDAP
      container for replication.
    
    - Become the CA renewal master if shared certificates were renewed.
      This ensures other CA replicas, including the previous CA renewal
      master if not the current host, pick up those new certificates
      when Certmonger attempts to renew them.
    
    Fixes: https://pagure.io/freeipa/issue/7885
    Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
file modified
+1 -0
file modified
+2 -0