[freeipa PR#1097][opened] Backport 4-5: Fix ipa-server-upgrade with server cert tracking
by flo-renaud
URL: https://github.com/freeipa/freeipa/pull/1097
Author: flo-renaud
Title: #1097: Backport 4-5: Fix ipa-server-upgrade with server cert tracking
Action: opened
PR body:
"""
ipa-server-upgrade fails with Server-Cert not found, when trying to
track httpd/ldap server certificates. There are 2 issues in the upgrade:
- the certificates should be tracked only if they were issued by IPA CA
(it is possible to have CA configured but 3rd party certs)
- the certificate nickname can be different from Server-Cert
The fix provides methods to find the server cert nickname for http and ldap,
and a method to check if the server certs are issued by IPA and need to be
tracked by certmonger.
https://pagure.io/freeipa/issue/7141
Reviewed-By: Stanislav Laznicka <slaznick(a)redhat.com>
Reviewed-By: Fraser Tweedale <ftweedal(a)redhat.com>
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1097/head:pr1097
git checkout pr1097