#8524 Deploy & manage the ACME service topology wide from a single system
Closed: fixed 5 months ago by rcritten. Opened 6 months ago by rcritten.

As administrator, I want to be able to deploy and manage the ACME service topology wide from a single system, so the way how management is done is the consistent with the rest of IPA environment.

ACME is not enabled by default so the ipa-acme-manage command will remain but it only needs to be executed once to turn on/off ACME on all CA masters.

This relies on changes in dogtag in https://github.com/dogtagpki/pki/pull/562


Metadata Update from @rcritten:
- Custom field rhbz adjusted to https://bugzilla.redhat.com/show_bug.cgi?id=1851835

5 months ago

master:

  • 2ef5319 Enable importing LDIF files not shipped by IPA
  • e13d058 Let dogtag.py be imported if the api is not initialized
  • c0d55ce Centralize enable/disable of the ACME service
  • 92c3ea4 Don't install ACME if full support is not available
  • 69ae48c Add a status option to ipa-acme-manage
  • e7fd791 ipatests: Check if ACME is enabled on all CA servers
  • d4ef64b ipatests: Collect the let's encrypt log

Metadata Update from @rcritten:
- Issue close_status updated to: fixed
- Issue status updated to: Closed (was: Open)

5 months ago

master:

  • b691850 Change KRA profiles in certmonger tracking so they can renew
  • 0037b69 Test that the KRA profiles can renewal its three certificates
  • 6816de0 Require PKI 10.10+ for KRA profile and ACME support

ipa-4-8:

  • 69adf81 Change KRA profiles in certmonger tracking so they can renew
  • c3c577a Test that the KRA profiles can renewal its three certificates
  • c165901 Require PKI 10.10+ for KRA profile and ACME support

ipa-4-9:

  • a9e1c01 Change KRA profiles in certmonger tracking so they can renew
  • bd4771d Test that the KRA profiles can renewal its three certificates
  • 3e530e9 Require PKI 10.10+ for KRA profile and ACME support

Login to comment on this ticket.

Metadata