[Pki-devel] [PATCH] 778 Fixed KRA cloning issue.
Matthew Harmsen
mharmsen at redhat.com
Tue Jun 28 23:07:32 UTC 2016
On 06/21/2016 01:03 PM, Endi Sukma Dewata wrote:
> The pki pkcs12-import CLI has been modified not to import
> certificates that already exist in the NSS database unless
> specifically requested with the --overwrite parameter. This
> will avoid changing the trust flags of the CA signing
> certificate during KRA cloning.
>
> The some other classes have been modified to provide better
> debugging information.
>
> https://fedorahosted.org/pki/ticket/2374
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
Ran the following test:
Steps to reproduce:
1. Install CA and KRA on master:
$ ipa-server-install -U -r EXAMPLE.COM -p Secret123 -a Secret123
$ ipa-kra-install -p Secret123
2. Install CA and KRA on replica:
$ ipa-client-install -U --server server.example.com --domain example.com \
--realm EXAMPLE.COM -p admin -w Secret123
$ echo Secret123 | kinit admin
$ ipa-replica-install -U --setup-ca -p Secret123 -w Secret123
$ ipa-kra-install -p Secret123
Actual result: Success! The KRA installation on replica succeeded!
ACK
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20160628/2929d913/attachment.htm>
More information about the Pki-devel
mailing list