renew agent: get rid of virtual profiles

Replace all uses of virtual profiles with `dogtag-ipa-ca-renew-agent-reuse`
and remove profile from the IPA CA certificate tracking request.

This prevents virtual profiles from making their way into CSRs and in turn
being rejected by certain CAs. This affected the IPA CA CSR with Microsoft
CS in particular.

https://pagure.io/freeipa/issue/5799

Reviewed-By: David Kupka <dkupka@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Jan Cholasta
2017-04-24 06:40:11 +00:00
committed by David Kupka
parent 0bf41e804e
commit 21f4cbf8da
8 changed files with 46 additions and 67 deletions

@@ -60,9 +60,9 @@ class KRAInstance(DogtagInstance):
be the same for both the CA and KRA.
"""
tracking_reqs = (('auditSigningCert cert-pki-kra', None),
('transportCert cert-pki-kra', None),
('storageCert cert-pki-kra', None))
tracking_reqs = ('auditSigningCert cert-pki-kra',
'transportCert cert-pki-kra',
'storageCert cert-pki-kra')
def __init__(self, realm):
super(KRAInstance, self).__init__(
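
Review bot: in `tracking_reqs` the entries change shape from `(nickname, None)` pairs to bare nickname strings, so any code that still iterates this attribute and unpacks two values per entry will raise a ValueError at run time instead of failing at import. The consumers are not visible in this hunk; please confirm that every loop over `tracking_reqs`, including any in the `DogtagInstance` parent class, was switched to a single loop variable in the same commit, and that the docstring above no longer describes a profile element if it did before.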