URL:
https://github.com/freeipa/freeipa/pull/1045
Author: flo-renaud
Title: #1045: Fix ipa-server-upgrade with server cert tracking
Action: opened
PR body:
"""
ipa-server-upgrade fails with Server-Cert not found, when trying to
track httpd/ldap server certificates. There are 2 issues in the upgrade:
- the certificates should be tracked only if they were issued by IPA CA or
IPA lighweight subCA (it is possible to have CA configured but 3rd part certs)
- the certificate nickname can be different from Server-Cert
The fix provides methods to find the server crt nickname for http and ldap,
and a method to check if the server certs are issued by IPA and need to be
tracked by certmonger.
https://pagure.io/freeipa/issue/7141
"""
To pull the PR as Git branch:
git remote add ghfreeipa
https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1045/head:pr1045
git checkout pr1045