[Pki-devel] Fwd: [PATCH] TRAC Ticket #816 - pki-tomcat cannot be started after installation of ipa replica with ca [20140225]

Matthew Harmsen mharmsen at redhat.com
Wed Feb 26 01:33:57 UTC 2014


Note:  This patch is intended for Dogtag 10.1.  Once approved, it will 
also need to be applied to the 'master' branch.


-------- Original Message --------
Subject: 	[Pki-devel] [PATCH] TRAC Ticket #816 - pki-tomcat cannot be 
started after installation of ipa replica with ca [20140225]
Date: 	Tue, 25 Feb 2014 17:31:50 -0800
From: 	Matthew Harmsen <mharmsen at redhat.com>
To: 	pki-devel <pki-devel at redhat.com>



This patch causes the 'sslserver' certificate for a CA clone to be 
signed by its associated master CA during configuration, and resolves 
the following bug:

  * Dogtag TRAC Ticket #816 - pki-tomcat cannot be started after
    installation of ipa replica with ca
    <https://fedorahosted.org/pki/ticket/816>

This was necessary to avoid any changes which may have been made to the 
X500Name directory string encoding order (i.e., creating a Cloned CA 
on Fedora 20 from a Master CA on Fedora 19).

The code was tested (applying the CAVEAT below) via end-to-end 
'pkispawn' installation and batch-based configuration; it has not yet 
been tested with GUI-based configuration.

*CAVEAT:*

    During the preparation of this patch it was discovered that an
    end-to-end test of functionality cannot be accomplished due to the
    389 TRAC Ticket #47721 - Schema Replication Issue
    <https://fedorahosted.org/389/ticket/47721> which prevents the
    '99user.ldif' file from being properly replicated from the Master CA
    to the Cloned CA.  However, I verified that this code does work by
    shutting down DS on the cloned CA machine, manually replacing
    '/etc/dirsrv/slapd-<clone>/schema/99user.ldif' with
    '/etc/dirsrv/slapd-<master>/schema/99user.ldif', restarting DS and
    the Cloned CA, and successfully performing a test enrollment.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20140225-CA-clone-sslserver-cert.patch
Type: text/x-patch
Size: 4854 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140225/3b836a5e/attachment.bin>