In order to install a KRA into an existing IPA CA server the proxy configuration needs to be extended to include the KRA URIs.
There is also a bug on the dogtag side which prevents installation due to a hardcoded server nickname, https://fedorahosted.org/pki/ticket/631
It is possible to work around this bug by applying the IPA patch, then:
At some point tomcat is going to be restarted but the installer can't connect to it. You've got about 30 seconds to change /var/lib/pki/pki-tomcat/conf/serverCertNick.conf to use the nickname cert-pki-ca then restart tomcat:
After this the installation will continue and you'll have both CA and KRA services available.
attachment kra.cfg
attachment freeipa-edewata-0351-Fixed-proxy-configuration-for-KRA.patch
Metadata Update from @rcritten: - Issue assigned to someone - Issue set to the milestone: FreeIPA OpenStack Integration
Thank you taking time to submit this request for FreeIPA. Unfortunately this bug was not given priority and the team lacks the capacity to work on it at this time.
Given that we are unable to fulfil this request I am closing the issue as wontfix. To request re-consideration of this decision please reopen this issue and provide additional technical details about its importance to you.
Metadata Update from @rcritten: - Issue close_status updated to: wontfix - Issue status updated to: Closed (was: Open)
Log in to comment on this ticket.