#6831 Extend ipa-server-certinstall and ipa-certupdate to handle PKINIT certificates/anchors
Closed: fixed 7 years ago Opened 7 years ago by mbabinsk.

In order to fully support PKINIT configuration in CA-less deployments, the tools that manipulate 3rd party certificates must be extended to also install PKINIT server certificates and update KDC's PKINIT anchors when 3rd party CA certificates are to be used.


Metadata Update from @mbabinsk:
- Issue priority set to: 1

7 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1438731

7 years ago

Metadata Update from @pvoborni:
- Issue set to the milestone: FreeIPA 4.5.1

7 years ago

Metadata Update from @pvoborni:
- Issue assigned to mbabinsk

7 years ago

Metadata Update from @pvoborni:
- Assignee reset

7 years ago

Metadata Update from @dkupka:
- Issue assigned to dkupka

7 years ago

Metadata Update from @stlaz:
- Issue assigned to stlaz (was: dkupka)

7 years ago

Metadata Update from @jcholast:
- Issue assigned to jcholast (was: stlaz)

7 years ago

master:

  • 235265a certdb: add named trust flag constants
  • f0442a2 certdb, certs: make trust flags argument mandatory
  • 52730c7 certdb: use custom object for trust flags
  • 01a7416 install: trust IPA CA for PKINIT
  • 11b8a34 client install: fix client PKINIT configuration
  • 4d36cbf install: introduce generic Kerberos Augeas lens
  • f769045 server install: fix KDC PKINIT configuration
  • b9fd123 ipapython.ipautil.run: Add option to set umask before executing command
  • 0c5b2c4 certs: do not export keys world-readable in install_key_from_p12
  • cc57237 certs: do not export CA certs in install_pem_from_p12
  • 3b5dbf7 server install: fix KDC certificate validation in CA-less
  • b385570 replica install: respect --pkinit-cert-file
  • 9ea764e cacert manage: support PKINIT
  • 96ca62f server certinstall: support PKINIT

ipa-4-5:

  • 6338dbe certdb: add named trust flag constants
  • 749d504 certdb, certs: make trust flags argument mandatory
  • e688123 certdb: use custom object for trust flags
  • 16b295c install: trust IPA CA for PKINIT
  • 63c4cbd client install: fix client PKINIT configuration
  • 523a826 install: introduce generic Kerberos Augeas lens
  • b83ebe0 server install: fix KDC PKINIT configuration
  • 5cf5395 ipapython.ipautil.run: Add option to set umask before executing command
  • e6497f0 certs: do not export keys world-readable in install_key_from_p12
  • bc8deb1 certs: do not export CA certs in install_pem_from_p12
  • cbdf669 server install: fix KDC certificate validation in CA-less
  • 77ef29e replica install: respect --pkinit-cert-file
  • 6f900ec cacert manage: support PKINIT
  • e27b3e1 server certinstall: support PKINIT

Metadata Update from @mbasti:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

7 years ago
