Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1518932
Please note that this Bug is private and may not be accessible as it contains confidential Red Hat customer information.
Description of problem:
When changing the Certificate Chain from Self-signed CA certificate to externally-signed CA certificate, the CA is updated but the Issuer DN field is not updated accordingly.

Version-Release number of selected component (if applicable):
RHEL 7.4
ipa-server-4.5.0-21.el7_4.2.2.x86_64

How reproducible:
every time

Steps to Reproduce:
1. ipa-cacert-manage renew
2. ipa-certupdate
3. ipa ca-show ipa

Actual results:
ipa ca-show ipa shows
    Subject DN: CN=Certificate Authority,O=IDMTEST.DOMAIN.COM
    Issuer DN: CN=Certificate Authority,O=IDMTEST.DOMAIN.COM

Expected results:
ipa ca-show ipa shows
    Subject DN: CN=Certificate Authority,O=IDMTEST.DOMAIN.COM
    Issuer: DC=xx, DC=xx, DC=xx, DC=xx, CN=External Issuing CA
Metadata Update from @frenaud: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1518932
Metadata Update from @frenaud: - Issue priority set to: critical
I'll need to look into this. Probably involves the lightweight CA data that gets returned by Dogtag.
Metadata Update from @ftweedal: - Issue assigned to ftweedal
Metadata Update from @pvoborni: - Issue tagged with: bug
PR: https://github.com/freeipa/freeipa/pull/1503
Metadata Update from @ftweedal: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/1503
master:
Fraser, please backport the fix to 4.5. ipatool failed to auto-create a backport:
Aplying to ipa-4-5: Update IPA CA issuer DN upon renewal Failed to apply patches onto origin/ipa-4-5. Manual backport is needed.
ipa-4-6:
Metadata Update from @cheimes: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Metadata Update from @cheimes: - Issue status updated to: Open (was: Closed)
ipa-4-5 PR: https://github.com/freeipa/freeipa/pull/1555
ipa-4-5
ipa-4-5: