IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity
Files
af99032d901d55e56bccdc272cfbf3617de05b53
freeipa/ipaserver/install
History
Florence Blanc-Renaud af99032d90 ipa-server-install: publish complete cert chain in /usr/share/ipa/html/ca.crt 
When IPA is installed with an externally signed CA, the master installer
does not publish the whole cert chain in /usr/share/ipa/html/ca.crt (but
/etc/ipa/ca.crt contains the full chain).

If a client is installed with a One-Time Password and without the
--ca-cert-file option, the client installer downloads the cert chain
from http://master.example.com/ipa/config/ca.crt, which is in fact
/usr/share/ipa/html/ca.crt. The client installation then fails.
Note that when the client is installed by providing admin/password,
installation succeeds because the cert chain is read from the LDAP server.

https://pagure.io/freeipa/issue/7526

Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2018-05-28 21:25:47 +02:00
..
plugins
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
server
Enable SPAKE support using krb5.conf.d snippet
2018-04-28 16:35:16 +02:00
__init__.py
Remove __all__ specifications in ipaclient and ipaserver.install
2013-09-06 15:42:33 +02:00
adtrust.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
adtrustinstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
bindinstance.py
Cleanup and remove more files on uninstall
2018-03-28 21:18:48 +02:00
ca.py
install: fix reported external CA configuration
2018-05-02 11:15:49 +02:00
cainstance.py
Use single Custodia instance in installers
2018-04-26 21:19:53 +02:00
certs.py
Fix certificate retrieval in ipa-replica-prepare for DL0
2018-05-04 16:08:47 -03:00
conncheck.py
install: introduce installer class hierarchy
2016-11-11 12:17:25 +01:00
custodiainstance.py
Require nss with fix for nickname bug
2018-05-04 12:03:43 +02:00
dns.py
Warning the user when using a loopback IP as forwarder
2017-11-09 09:24:03 -02:00
dnskeysyncinstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
dogtag.py
install: introduce installer class hierarchy
2016-11-11 12:17:25 +01:00
dogtaginstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
dsinstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
httpinstance.py
ipa-server-install: publish complete cert chain in /usr/share/ipa/html/ca.crt
2018-05-28 21:25:47 +02:00
installutils.py
Use GnuPG 2 for symmentric encryption
2018-05-27 16:05:50 +02:00
ipa_backup.py
Use GnuPG 2 for backup/restore
2018-05-27 16:05:50 +02:00
ipa_cacert_manage.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_kra_install.py
Use single Custodia instance in installers
2018-04-26 21:19:53 +02:00
ipa_ldap_updater.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_otptoken_import.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_pkinit_manage.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_replica_install.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_replica_prepare.py
replica_prepare: Remove the correct NSS DB files
2018-01-16 16:36:10 +01:00
ipa_restore.py
Use GnuPG 2 for backup/restore
2018-05-27 16:05:50 +02:00
ipa_server_certinstall.py
ipa-server-certinstall failing, unknown option realm
2018-04-20 08:51:37 -04:00
ipa_server_install.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_server_upgrade.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
ipa_winsync_migrate.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
kra.py
Use single Custodia instance in installers
2018-04-26 21:19:53 +02:00
krainstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
krbinstance.py
Enable SPAKE support using krb5.conf.d snippet
2018-04-28 16:35:16 +02:00
ldapupdate.py
upgrade: treat duplicate entry when updating as not an error
2018-04-17 08:18:17 +02:00
odsexporterinstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
opendnssecinstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
otpdinstance.py
Enable pylint missing-final-newline check
2015-12-23 07:59:22 +01:00
replication.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
schemaupdate.py
logging: do not use ipa_log_manager to create module-level loggers
2017-07-14 15:55:59 +02:00
service.py
Replace ntpd with chronyd in installation
2018-04-09 11:00:02 -04:00
sysupgrade.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00
upgradeinstance.py
Add absolute_import future imports
2018-04-20 09:43:37 +02:00