URL: https://github.com/freeipa/freeipa/pull/2847 Author: flo-renaud Title: #2847: pkinit setup: fix regression on master install Action: opened PR body: """ ## pkinit setup: fix regression on master install The commit 7785210 intended to fix ipa-pkinit-manage enable on a replica without any CA but introduced a regression: ipa-server-install fails to configure pkinit with the fix. This commit provides a proper fix without the regression: pkinit needs to contact Dogtag directly only in case there is no CA instance yet (for ex. because we are installing the first master). Fixes: https://pagure.io/freeipa/issue/7795 ## test: add non-reg test checking pkinit after server install Add a test with the following scenario: ipa-server-install (with ca and pkinit enabled) check that pkinit is properly enabled: ipa-pkinit-manage status must return "enabled" the KDC cert must be signed by IPA CA Related to: https://pagure.io/freeipa/issue/7795 """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/2847/head:pr2847 git checkout pr2847