ipa-cacert-manage renew: switch from ext-signed CA to self-signed

The scenario switching from externally signed CA to self-signed CA is
currently failing because the certmonger helper goes through the wrong
code path when the cert is not self-signed.

When the cert is not self-signed but the admin wants to switch to self-signed,
a new cert needs to be requested, not retrieved from LDAP.

https://pagure.io/freeipa/issue/7173

Reviewed-By: Fraser Tweedale <ftweedal@redhat.com>
This commit is contained in:
Florence Blanc-Renaud
2017-10-02 16:12:25 +02:00
committed by Tomas Krizek
parent c8dbd0cfbe
commit 49cf5ec64b

@@ -438,7 +438,7 @@ def renew_ca_cert(reuse_existing, **kwargs):
if operation == 'SUBMIT':
state = 'retrieve'
if is_self_signed and not reuse_existing and is_renewal_master():
if not reuse_existing and is_renewal_master():
state = 'request'
csr_file = paths.IPA_CA_CSR
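
Review bot: The new condition `if not reuse_existing and is_renewal_master():` no longer looks at `is_self_signed`, so on the renewal master every SUBMIT with `reuse_existing` false now goes to the 'request' state, whatever kind of CA cert is currently installed. The commit message only describes the ext-signed to self-signed switch, and nothing in the visible lines shows how a plain renewal of an externally signed CA is kept on the 'retrieve' path, so please add a comment above the condition stating that `reuse_existing` is the only thing that decides between retrieving from LDAP and requesting a new cert, and why the self-signed check is safe to drop. If `is_self_signed` is not used anywhere else in `renew_ca_cert`, remove its computation in the same change. A regression test that covers the ext-signed to self-signed switch from issue 7173 would also help keep this path from breaking again.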