Change KRA profiles in certmonger tracking so they can renew

Internal profiles were assigned which prevented rewewals.

dogtag is providing a new profile for the audit signing cert,
caAuditSigningCert.

There are existing profiles for the transport (caTransportCert)
and storage (caStorageCert) certificates.

https://pagure.io/freeipa/issue/8545

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <flo@redhat.com>
This commit is contained in:
Rob Crittenden 2020-10-15 08:41:48 -04:00 committed by Florence Blanc-Renaud
parent daddcf6ec6
commit b691850cc9

View File

@ -65,9 +65,9 @@ class KRAInstance(DogtagInstance):
# use for that certificate. 'configure_renewal()' reads this
# dict. The profile MUST be specified.
tracking_reqs = {
'auditSigningCert cert-pki-kra': 'caInternalAuthAuditSigningCert',
'transportCert cert-pki-kra': 'caInternalAuthTransportCert',
'storageCert cert-pki-kra': 'caInternalAuthDRMstorageCert',
'auditSigningCert cert-pki-kra': 'caAuditSigningCert',
'transportCert cert-pki-kra': 'caTransportCert',
'storageCert cert-pki-kra': 'caStorageCert',
}
def __init__(self, realm):