#5666 RFE: Remove certificate blobs from CS.cfg when they are not needed
Opened 3 years ago by tscherf. Modified 2 years ago

Currently Dogtag stores blobs for the CSRs and the actual certificates in CS.cfg. Can we double-check whether they are needed and, if not, remove them from the file?


# grep "cert=" /etc/pki/pki-tomcat/ca/CS.cfg
ca.audit_signing.cert=MIIDTj[...]

# grep "certreq=" /etc/pki/pki-tomcat/ca/CS.cfg
ca.audit_signing.certreq=MIICbj[...]

Some code[1] in PKI currently assumes the existence of
these fields. They may well not be needed, but assumptions
like those in [1] will have to be weakened.

[1] https://www.redhat.com/archives/freeipa-users/2016-March/msg00000.html

This ticket is out of scope for the 4.4.0 release. Moving to 4.4.1. Note that 4.4.1 needs to be triaged, therefore not everything will be implemented.

Moving out tickets not implemented in 4.4.1.

4.4.2 is a stabilization milestone. If this bug is an important stabilization bug, then please put it in the NEEDS TRIAGE milestone for retriage.

Metadata Update from @tscherf:
- Issue assigned to someone
- Issue set to the milestone: FreeIPA 4.5 backlog

2 years ago
