#7230 promoting CA-less to CA-ful: CA certificate is not installed in HTTP NSSDB
Closed: fixed 6 years ago Opened 6 years ago by ftweedal.

After installing a CA in a CA-less installations (using ipa-ca-install),
the new CA certificate is not installed in /etc/httpd/alias. This causes
communication failure between IPA framework and Dogtag (it cannot
verify the Dogtag server certificate).

It is necessary for the admin to run ipa-certupdate before things work. But this should
be done as a final step of ipa-ca-install.


Metadata Update from @ftweedal:
- Issue assigned to ftweedal

6 years ago

Metadata Update from @pvoborni:
- Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1232

6 years ago

Metadata Update from @pvoborni:
- Issue priority set to: important
- Issue set to the milestone: FreeIPA 4.5.5

6 years ago

master:

  • 93d53e5 CertUpdate: make it easy to invoke from other programs
  • 8960141 ipa-ca-install: run certupdate as initial step
  • 97942a7 Run certupdate after promoting to CA-ful deployment
  • 39fdc2d ipa_certupdate: avoid classmethod and staticmethod

ipa-4-6:

  • 75e4cf1 CertUpdate: make it easy to invoke from other programs
  • 75a3ede ipa-ca-install: run certupdate as initial step
  • cd4d9cc Run certupdate after promoting to CA-ful deployment
  • 5eab20e ipa_certupdate: avoid classmethod and staticmethod

Metadata Update from @ftweedal:
- Issue close_status updated to: fixed

6 years ago

Login to comment on this ticket.

Metadata