[Freeipa-users] Unable to get new certificates after upgrade
Alessandro De Maria
alessandro.demaria at gmail.com
Sat Feb 27 22:08:09 UTC 2016
I re-run the upgrade script and that fixed it. Thank you very much
Alexander!
On 27 February 2016 at 21:46, Alessandro De Maria <
alessandro.demaria at gmail.com> wrote:
> Yes that looks exactly like it, thank you.
> Are you aware of a workaround available? Like changing manually the CS.cfg?
>
>
> On 27 February 2016 at 21:40, Alexander Bokovoy <abokovoy at redhat.com>
> wrote:
>
>> On Sat, 27 Feb 2016, Alessandro De Maria wrote:
>>
>>> great that explains a lot! Thank you.
>>>
>>> My hunt for > 4.2.0 was just because in the release note for 4.2.1 it
>>> had:
>>>
>>> - Various fixes for new Certificates Profiles feature
>>>
>>>
>>> So I immediately assumed the problem I might be experiencing could be
>>> fixed
>>> by an upgrade (I have tried everything else I know)
>>>
>>> But thank you this is already very helpful.
>>>
>>> I hope I can find some other pointed to understand my issue then.
>>>
>> I think you are hitting https://fedorahosted.org/freeipa/ticket/5682
>>
>> commit 704319c3eaf74e0531dd2aa1e5880db7b6ab830c
>> Author: Martin Babinsky <mbabinsk at redhat.com>
>> Date: Mon Feb 22 13:35:41 2016 +0100
>>
>> upgrade: unconditional import of certificate profiles into LDAP
>> During IPA server upgrade, the migration of Dogtag profiles into
>> LDAP
>> backend was bound to the update of CS.cfg which enabled the LDAP
>> profile
>> subsystem. If the subsequent profile migration failed, the subsequent
>> upgrades were not executing the migration code leaving CA subsystem in
>> broken state. Therefore the migration code path should be executed
>> regardless of the status of the main Dogtag config file.
>> https://fedorahosted.org/freeipa/ticket/5682
>> Reviewed-By: Fraser Tweedale <ftweedal at redhat.com>
>> Reviewed-By: Jan Cholasta <jcholast at redhat.com>
>>
>> This should be part of 4.2.4 release and will eventually make into
>> RHEL/CentOS updates.
>>
>> --
>> / Alexander Bokovoy
>>
>
>
>
> --
> Alessandro De Maria
> alessandro.demaria at gmail.com
>
--
Alessandro De Maria
alessandro.demaria at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160227/42e6d166/attachment.htm>
More information about the Freeipa-users
mailing list