<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Note: This patch is intended for Dogtag 10.1. Once approved, it
will also need to be applied to the 'master' branch.<br>
<div class="moz-forward-container"><br>
<br>
-------- Original Message --------
<table class="moz-email-headers-table" border="0" cellpadding="0"
cellspacing="0">
<tbody>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Subject:
</th>
<td>[Pki-devel] [PATCH] TRAC Ticket #816 - pki-tomcat cannot
be started after installation of ipa replica with ca
[20140225]</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">Date: </th>
<td>Tue, 25 Feb 2014 17:31:50 -0800</td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">From: </th>
<td>Matthew Harmsen <a class="moz-txt-link-rfc2396E" href="mailto:mharmsen@redhat.com">&lt;mharmsen@redhat.com&gt;</a></td>
</tr>
<tr>
<th align="RIGHT" nowrap="nowrap" valign="BASELINE">To: </th>
<td>pki-devel <a class="moz-txt-link-rfc2396E" href="mailto:pki-devel@redhat.com">&lt;pki-devel@redhat.com&gt;</a></td>
</tr>
</tbody>
</table>
<br>
<br>
<tt>This patch causes the 'sslserver' certificate for a CA clone
to be signed by its associated master CA during configuration,
and resolves the following bug:</tt><tt><br>
</tt>
<ul>
<li><tt><a moz-do-not-send="true"
href="https://fedorahosted.org/pki/ticket/816">Dogtag TRAC
Ticket #816 - pki-tomcat cannot be started after
installation of ipa replica with ca</a></tt><tt><br>
</tt></li>
</ul>
<tt>This was necessary to avoid any changes which may have been
made to the X500Name directory string encoding order (i.e.,
creating a Cloned CA on Fedora 20 from a Master CA on Fedora
19).</tt><tt><br>
</tt><tt><br>
The code was tested (applying the CAVEAT below) via end-to-end
'pkispawn' installation and batch-based configuration; it has
not yet been tested with GUI-based configuration.<br>
<br>
</tt><b><tt>CAVEAT:</tt></b><tt><br>
</tt>
<blockquote><tt>During the preparation of this patch it was
discovered that an end-to-end test of functionality cannot be
accomplished due to the <a moz-do-not-send="true"
href="https://fedorahosted.org/389/ticket/47721">389 TRAC
Ticket #47721 - Schema Replication Issue</a> which prevents
the '99user.ldif' file from being properly replicated from the
Master CA to the Cloned CA. However, I verified that this
code does work by shutting down DS on the cloned CA machine,
manually replacing
'/etc/dirsrv/slapd-&lt;clone&gt;/schema/99user.ldif' with
'/etc/dirsrv/slapd-&lt;master&gt;/schema/99user.ldif',
restarting DS and the Cloned CA, and successfully performing a
test enrollment.</tt><br>
</blockquote>
<br>
</div>
<br>
</body>
</html>