URL: https://github.com/freeipa/freeipa/pull/813
Author: frasertweedale
Title: #813: Add Subject Key Identifier to CA cert validity check
Action: opened
PR body:
"""
CA certificates MUST have the Subject Key Identifier extension to
facilitate certification path construction. Not having this
extension on the IPA CA certificate will cause failures in Dogtag
during signing; it tries to copy the CA's Subject Key Identifier to
the new certificate's Authority Key Identifier extension, which
fails.

When installing an externally-signed CA, check that the Subject Key
Identifier extension is present in the CA certificate.

Fixes: https://pagure.io/freeipa/issue/6976
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/813/head:pr813
git checkout pr813
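
The check described in the PR body, sketched as an added example that is not FreeIPA's code or part of the PR: a standard-library DER walker that returns a certificate's Subject Key Identifier, or None when the extension is missing. The function names are hypothetical, and `sample_ca` builds a constructed skeleton with the X.509 layout but placeholder field contents, not a valid certificate.

```python
# Added example (not FreeIPA code): standard library only.
SKI_OID = bytes.fromhex("551d0e")      # DER body of OID 2.5.29.14, subjectKeyIdentifier
SAMPLE_KEY_ID = bytes(range(20))       # constructed 20-byte key identifier

def read_tlv(buf, pos):
    """Return (tag, content, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(content):
    # Yield (tag, content) for each element packed inside a constructed value.
    pos = 0
    while pos < len(content):
        tag, value, pos = read_tlv(content, pos)
        yield tag, value

def subject_key_identifier(cert_der):
    """Return the SKI keyIdentifier bytes, or None when the extension is absent."""
    _, cert, _ = read_tlv(cert_der, 0)           # Certificate SEQUENCE
    _, tbs = next(children(cert))                # tbsCertificate is its first field
    for tag, value in children(tbs):
        if tag != 0xA3:                          # [3] EXPLICIT extensions
            continue
        _, ext_list = next(children(value))      # SEQUENCE OF Extension
        for _, ext in children(ext_list):
            fields = list(children(ext))         # extnID, optional critical, extnValue
            if fields[0] == (0x06, SKI_OID):
                return read_tlv(fields[-1][1], 0)[1]   # OCTET STRING inside extnValue
    return None

def tlv(tag, content=b""):
    """Short-form DER encoder, used only to build the constructed samples."""
    assert len(content) < 0x80
    return bytes([tag, len(content)]) + content

def sample_ca(with_ski):
    """Constructed skeleton certificate: real layout, placeholder field contents."""
    exts = tlv(0x30, tlv(0x06, bytes.fromhex("551d13")) + tlv(0x01, b"\xff")
               + tlv(0x04, tlv(0x30, tlv(0x01, b"\xff"))))   # basicConstraints CA:TRUE
    if with_ski:
        exts += tlv(0x30, tlv(0x06, SKI_OID) + tlv(0x04, tlv(0x04, SAMPLE_KEY_ID)))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30) * 5
              + tlv(0xA3, tlv(0x30, exts)))
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))
```

To run it against a real PEM certificate, convert it to DER first with `ssl.PEM_cert_to_DER_cert(pem)`.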