[Pki-devel] [PATCH] TRAC Ticket #816 - pki-tomcat cannot be started after installation of ipa replica with ca [20140319]

Matthew Harmsen mharmsen at redhat.com
Thu Mar 20 02:11:52 UTC 2014


This patch causes the 'sslserver' certificate for a CA clone to be 
signed by its associated master CA during configuration, and resolves 
the following bug:

  * Dogtag TRAC Ticket #816 - pki-tomcat cannot be started after
    installation of ipa replica with ca
    <https://fedorahosted.org/pki/ticket/816>

This was necessary to avoid any changes which may have been made to the 
X500Name directory string encoding order (i.e., creating a Cloned CA 
on Fedora 20 from a Master CA on Fedora 19).

This was also tested with an installation of IPA on Fedora 19, and a 
replica installation on Fedora 20 (after adding 
"|^/ca/ee/ca/profileSubmit" to the 
"/etc/httpd/conf.d/ipa-pki-proxy.conf" on the Fedora 19 master -- an IPA 
ticket will be filed for this issue).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20140319-Sign-CA-clone-sslserver-certificate-using-CA-master.patch
Type: text/x-patch
Size: 5645 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20140319/bf103d2b/attachment.bin>

