mirror of
https://salsa.debian.org/freeipa-team/freeipa.git
synced 2025-02-25 18:55:28 -06:00
3c388f5a22
Enabling "fresh" renewals (c.f. "renewal"-based renewals that reference the expired certificate and its associated request object) will improve renewal robustness. To use fresh renewals the tracking request must record the profile to be used. Make dogtaginstance record the profile when creating tracking requests for both CA and KRA. Note that 'Server-Cert cert-pki-ca' and the 'IPA RA' both use profile 'caServerCert', which is the default (according to dogtag-ipa-renew-agent which is part of Certmonger). So we do not need any special handling for those certificates. This commit does not handle upgrade. It will be handled in a subsequent commit. Part of: https://pagure.io/freeipa/issue/7991 Reviewed-By: Rob Crittenden <rcritten@redhat.com>