[Pki-devel] [PATCH] TRAC Ticket #816 - pki-tomcat cannot be started after installation of ipa replica with ca [20140225]
Ade Lee
alee at redhat.com
Wed Feb 26 15:07:18 UTC 2014
Matt,
Have you done a cloning test without the above patch? You can do so by
implementing the workaround. In this case, does the DS replication
issue still arise?
Ade
On Tue, 2014-02-25 at 17:31 -0800, Matthew Harmsen wrote:
> This patch causes the 'sslserver' certificate for a CA clone to be
> signed by its associated master CA during configuration, and resolves
> the following bug:
> * Dogtag TRAC Ticket #816 - pki-tomcat cannot be started after
> installation of ipa replica with ca
> This was necessary to avoid any changes which may have been made to
> the X500Name directory string encoding order (i.e., creating a
> Cloned CA on Fedora 20 from a Master CA on Fedora 19).
>
> The code was tested (applying the CAVEAT below) via end-to-end
> 'pkispawn' installation and batch-based configuration; it has not yet
> been tested with GUI-based configuration.
>
> CAVEAT:
> During the preparation of this patch it was discovered that an
> end-to-end test of functionality cannot be accomplished due to
> the 389 TRAC Ticket #47721 - Schema Replication Issue which
> prevents the '99user.ldif' file from being properly replicated
> from the Master CA to the Cloned CA. However, I verified that
> this code does work by shutting down DS on the cloned CA
> machine, manually replacing
> '/etc/dirsrv/slapd-<clone>/schema/99user.ldif' with
> '/etc/dirsrv/slapd-<master>/schema/99user.ldif', restarting DS
> and the Cloned CA, and successfully performing a test
> enrollment.