freeipa

Clone
Source Code
GIT

#7000 Provide a simple command to issue KDC certificates on a IPA master
Closed: fixed 6 years ago Opened 6 years ago by mbabinsk.

Closed: fixed
Reopen Issue

If an admin of a PKINIT-less deployment wishes to configure PKINIT e.g. by issuing KDC certificates from IPA CA, he currently has no other option than to run upgrader. We should be able to easily extract this functionality to a separate CLI command which can be called per master and replace self-signed KDC keypair by a IPA CA issued KDC cert.

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455946
6 years ago

Metadata Update from @pvoborni:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1455946
6 years ago

Issue linked to bug 1455946

Metadata Update from @mbabinsk:
- Issue priority set to: critical
- Issue set to the milestone: FreeIPA 4.5.2
6 years ago

ipa-4-5:

  • 1b62e5a server certinstall: update KDC master entry
  • c072135 pkinit manage: introduce ipa-pkinit-manage
  • cb9353d server upgrade: do not enable PKINIT by default

master:

  • e131905 server certinstall: update KDC master entry
  • 92276c1 pkinit manage: introduce ipa-pkinit-manage
  • 0772ef2 server upgrade: do not enable PKINIT by default

Metadata Update from @mbabinsk:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)
6 years ago

Login to comment on this ticket.

Metadata
None
None
None
None
important
None
None
None
None
None
None
None
None
None
None
None
None
None
None
https://bugzilla.redhat.com/show_bug.cgi?id=1455946
None
None
None
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.