mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2024-12-23 23:50:03 -06:00
Change KRA profiles in certmonger tracking so they can renew
Internal profiles were assigned which prevented rewewals. dogtag is providing a new profile for the audit signing cert, caAuditSigningCert. There are existing profiles for the transport (caTransportCert) and storage (caStorageCert) certificates. https://pagure.io/freeipa/issue/8545 Signed-off-by: Rob Crittenden <rcritten@redhat.com> Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
parent
daddcf6ec6
commit
b691850cc9
@ -65,9 +65,9 @@ class KRAInstance(DogtagInstance):
|
||||
# use for that certificate. 'configure_renewal()' reads this
|
||||
# dict. The profile MUST be specified.
|
||||
tracking_reqs = {
|
||||
'auditSigningCert cert-pki-kra': 'caInternalAuthAuditSigningCert',
|
||||
'transportCert cert-pki-kra': 'caInternalAuthTransportCert',
|
||||
'storageCert cert-pki-kra': 'caInternalAuthDRMstorageCert',
|
||||
'auditSigningCert cert-pki-kra': 'caAuditSigningCert',
|
||||
'transportCert cert-pki-kra': 'caTransportCert',
|
||||
'storageCert cert-pki-kra': 'caStorageCert',
|
||||
}
|
||||
|
||||
def __init__(self, realm):
|
||||
|
Loading…
Reference in New Issue
Block a user