87540fe Fix ipa-server-upgrade with server cert tracking

4 files Authored by frenaud 2 years ago , Committed by stlaz 2 years ago ,
    Fix ipa-server-upgrade with server cert tracking
    
    ipa-server-upgrade fails with Server-Cert not found, when trying to
    track httpd/ldap server certificates. There are 2 issues in the upgrade:
    - the certificates should be tracked only if they were issued by IPA CA
    (it is possible to have CA configured but 3rd part certs)
    - the certificate nickname can be different from Server-Cert
    
    The fix provides methods to find the server crt nickname for http and ldap,
    and a method to check if the server certs are issued by IPA and need to be
    tracked by certmonger.
    
    https://pagure.io/freeipa/issue/7141
    
    Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
    Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
    
        
file modified
+26 -0