#6393 Make httpd publish CA certificate on Domain Level 1
Closed: Fixed None Opened 7 years ago by stlaz.

When an httpd instance gets created on domain level 1, it is set not to publish its CA certificate.

This may possibly cause problems in a corner case during client installation when the certificate fails to download from LDAP and is also not supplied by the user.


master:

  • 5d15626 Make httpd publish its CA certificate on DL1

ipa-4-4:

  • c84d920 Make httpd publish its CA certificate on DL1

This breaks the replica installation on DL1 with:

2016-10-31T11:35:07Z DEBUG   [12/20]: publish CA cert
2016-10-31T11:35:07Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2016-10-31T11:35:07Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 448, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 438, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/httpinstance.py", line 387, in __publish_ca_cert
    ca_db.publish_ca_cert(paths.CA_CRT)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/certs.py", line 654, in publish_ca_cert
    shutil.copy(self.cacert_fname, location)
  File "/usr/lib64/python2.7/shutil.py", line 119, in copy
    copyfile(src, dst)
  File "/usr/lib64/python2.7/shutil.py", line 82, in copyfile
    with open(src, 'rb') as fsrc:
IOError: [Errno 2] No such file or directory: '/etc/httpd/alias/cacert.asc'

master:

  • 842bf3d Fix missing file that fails DL1 replica installation

ipa-4-4:

  • 19a32da Fix missing file that fails DL1 replica installation

Metadata Update from @stlaz:
- Issue assigned to stlaz
- Issue set to the milestone: FreeIPA 4.4.3

6 years ago
