Ticket was cloned from Red Hat Bugzilla (product Red Hat Enterprise Linux 7): Bug 1512952
Description of problem: cert renewal is failing when ipa ca cert is renewed from self-signed > external ca > self-sign Version-Release number of selected component (if applicable): ipa-server-4.5.0-22.el7_4.x86_64 How reproducible: always Steps to Reproduce: 1. Install ipa master with self-signed ca 2. Use ipa-cacert-update with --external-ca and sign given CSR with External CA 3. Again convert external CA to self-signed CA 4. forward the date to the grace period of RA agent cert. 5. check the certificate status i.e getcert list Actual results: status': CA_UNREACHABLE ca-error: Error 7 connecting to http://master.testrelm.test:8080/ca/ee/ca/profileSubmit: Couldn't connect to server. Expected results: certs should be renewed Additional info: Tried on 7.3 and found same behaviour.
Metadata Update from @pcech: - Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1512952
Metadata Update from @pcech: - Issue tagged with: Falcon
Metadata Update from @frenaud: - Issue assigned to frenaud
Metadata Update from @frenaud: - Custom field on_review adjusted to https://github.com/freeipa/freeipa/pull/3157
Metadata Update from @frenaud: - Issue set to the milestone: FreeIPA 4.6.6
Setting milestone to 4.6.6 as the BZ was opened against RHEL 7
master:
ipa-4-7:
ipa-4-6:
Metadata Update from @frenaud: - Issue close_status updated to: fixed - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.