freeipa/install/certmonger
Rob Crittenden c6f2d0212b dogtag-ipa-ca-renew-agent-submit: expect certs to be on HSMs
On a non-HSM, non-renewal-server replica we look in LDAP for
an updated certificate. If the certificates don't match then we
have a new one and write it out. If they match the assumption is
that it hasn't been renewed yet so go into CA_WORKING.

The problem is that for networked HSMs the cert will already be
visible in the database so certmonger will always be in CA_WORKING.
In this case we can assume that if the certs are the same then
that's just fine.

Related: https://pagure.io/freeipa/issue/9273

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
2024-05-16 08:46:32 -04:00
..
dogtag-ipa-ca-renew-agent-submit.in dogtag-ipa-ca-renew-agent-submit: expect certs to be on HSMs 2024-05-16 08:46:32 -04:00
ipa-server-guard.in pylint: Fix useless-suppression 2022-03-11 13:37:08 -05:00
Makefile.am Generate scripts from templates 2018-08-23 14:49:06 +02:00