[Freeipa-devel] [freeipa PR#222][opened] Fix ipa-replica-install when upgrade from ca-less to ca-full
flo-renaud
freeipa-github-notification at redhat.com
Wed Nov 9 15:34:56 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/222
Author: flo-renaud
Title: #222: Fix ipa-replica-install when upgrade from ca-less to ca-full
Action: opened
PR body:
"""
When ipa-replica-prepare is run on a master upgraded from CA-less to
CA-full, it creates the replica file with a copy of the local /etc/ipa/ca.crt.
This causes issues if this file hasn't been updated with ipa-certupdate,
as it contains the external CA that signed http/ldap certs, but not
the newly installed IPA CA.
As a consequence, ipa-replica-install fails with "Could not find a CA cert".
The fix consists in retrieving the CA certificates from LDAP instead of
the local /etc/ipa/ca.crt.
https://fedorahosted.org/freeipa/ticket/6375
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/222/head:pr222
git checkout pr222
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-pr-222.patch
Type: text/x-diff
Size: 2647 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20161109/3c8272fc/attachment.bin>
More information about the Freeipa-devel
mailing list