87540fe Fix ipa-server-upgrade with server cert tracking

4 files Authored by frenaud 3 years ago, Committed by stlaz 3 years ago,
    Fix ipa-server-upgrade with server cert tracking
    ipa-server-upgrade fails with Server-Cert not found, when trying to
    track httpd/ldap server certificates. There are 2 issues in the upgrade:
    - the certificates should be tracked only if they were issued by IPA CA
    (it is possible to have CA configured but 3rd part certs)
    - the certificate nickname can be different from Server-Cert
    The fix provides methods to find the server crt nickname for http and ldap,
    and a method to check if the server certs are issued by IPA and need to be
    tracked by certmonger.
    Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
    Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
file modified
+26 -0