Duplicate ticket: #4004. We should rescope this change.

Starting to shape next release

Discussed with Fraser, this may be just natural part of the subCA work (#4559).

This work can wait - 4.2 is almost out of the door, no time for refactoring.

When switching, jcholast realized we should also move certmonger dogtag backend to REST interface. This will make it require Dogtag 10+, but I do not think there is many Dogtag 9 servers out there (except RHEL-6/CentOS-6 based ones).

certmonger #45

This ticket is out of scope of 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.

ipa-4-4:

• faa9888 Allow Dogtag RestClient to perform requests without logging in
• d812675 Add HTTPRequestError class
• dd5ed21 Use Dogtag REST API for certificate requests

master:

• 2a42a7e Allow Dogtag RestClient to perform requests without logging in
• c5cbc8d Add HTTPRequestError class
• 4c35afc Use Dogtag REST API for certificate requests

Aforementioned commits only address this ticket in part.
There are several more functions to be migrated to Dogtag REST API.

Reopening ticket.

Moving to next major version. Fixing this bug is not critical in stabilization release.

For cert retrieval to move to REST API, we depend on upstream
change: https://fedorahosted.org/pki/ticket/2601

master:

• 49f87f3 dogtag: remove redundant property definition

master:

• 49f87f3 dogtag: remove redundant property definition

master:

• 3ba0375 rabase.get_certificate: make serial number arg mandatory

Some ground work landed in 4.4 and 4.5 milestones, but the whole task is not finished. Moving to 4.7 - next major.

FreeIPA 4.7 has been released, moving to FreeIPA 4.7.1 milestone

master:

• d7f3a0b ra.get_certificate: use REST API

Closed https://pagure.io/freeipa/issue/9345 as a duplicate