#3805 renew_ca_cert fails on upgraded system with separate CA dirsrv instance
Closed: Fixed None Opened 10 years ago by simo.

I updated my old IPA server, which has been upgraded since F15, to F18.

It still has a separate directory instance for the CA.

When certmonger decided to renew the CA certificate, renew_ca_cert failed to update the CA instance users with the renewed certs.

The reason is that renew_ca_cert tried to perform all its operations against the main IPA instance and not the CA instance on port 7389, where these objects actually are.
All renew_ca_cert operations terminated with 'no such entry' until certmonger failed to update certs, as the RA certificate didn't match the CA user anymore.


Jan, can you please check this one?

This issue is only related to Fedora 18 upgraded from older FreeIPA version.

Simo, did you manage to test jcholast's patch? We do not have an environment with reproduction of this bug, so it would require your help (AFAIK, Petr3 provided some test RPMS with the patch included).

Patch is obsolete, removing on_review flag.

A fix is included in Honza's certificate renewal refactoring.

master:

  • 4c76110 Fix certificate renewal scripts to work with separate CA DS instance.

Moving to milestone when the fix was pushed.

Metadata Update from @simo:
- Issue assigned to jcholast
- Issue set to the milestone: FreeIPA 4.0 - 2014/03

7 years ago
