The Subject Key Identifier extension is required for CA certificates. If it is missing, subsequent cert issuance fails, because the CA Subject Key Identifier is used to construct the Authority Key Identifier extension on the issued cert.
During the second stage of external CA installation, add a check for the Subject Key Identifier extension.
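An added example, not FreeIPA's own code: a standard-library DER walk that checks a CA certificate for the Subject Key Identifier extension and returns the key identifier that the Authority Key Identifier of issued certs is built from. The function names and the sample certificates (structural skeletons built inline, not validly signed) are assumptions made for illustration.

```python
SKI_OID = bytes([0x55, 0x1D, 0x0E])  # DER body of OID 2.5.29.14 (subjectKeyIdentifier)

def read_tlv(buf, pos):
    """Decode one DER element at pos; return (tag, value, next_pos)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the body of a constructed element into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def subject_key_id(cert_der):
    """Return the SKI keyIdentifier bytes, or None if the extension is absent."""
    tbs = children(read_tlv(cert_der, 0)[1])[0][1]  # Certificate -> tbsCertificate
    for tag, val in children(tbs):
        if tag == 0xA3:  # [3] EXPLICIT Extensions
            for _, ext in children(children(val)[0][1]):
                fields = children(ext)  # extnID, optional critical, extnValue
                if fields[0][1] == SKI_OID:
                    return read_tlv(fields[-1][1], 0)[1]  # unwrap inner OCTET STRING
    return None

def check_ca_cert(cert_der):
    """Reject a CA certificate that lacks Subject Key Identifier."""
    if subject_key_id(cert_der) is None:
        raise ValueError("CA certificate is missing Subject Key Identifier")

# --- constructed sample input: structural skeletons, not validly signed certs ---
def tlv(tag, value):
    assert len(value) < 0x80  # short-form lengths suffice for these samples
    return bytes([tag, len(value)]) + value

def sample_cert(ext_oids):
    exts = b"".join(tlv(0x30, tlv(0x06, o) + tlv(0x04, tlv(0x04, b"\xAB" * 4)))
                    for o in ext_oids)
    tbs = tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"") * 4
    tbs += tlv(0x30, b"") + tlv(0xA3, tlv(0x30, exts))
    return tlv(0x30, tlv(0x30, tbs) + tlv(0x30, b"") + tlv(0x03, b"\x00"))
```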
Metadata Update from @ftweedal: - Issue assigned to ftweedal
Metadata Update from @ftweedal: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455200
PR: https://github.com/freeipa/freeipa/pull/813
Metadata Update from @mbasti: - Issue set to the milestone: FreeIPA 4.6
master:
Metadata Update from @mbasti: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)