Title: #5199: Change KRA profiles in certmonger tracking so they can renew
Change KRA profiles in certmonger tracking so they can renew
Internal profiles were assigned which prevented rewewals.
dogtag is providing a new profile for the audit signing cert,
There are existing profiles for the transport (caTransportCert)
and storage (caStorageCert) certificates.
Signed-off-by: Rob Crittenden <rcritten(a)redhat.com>
**NOTE**: This is WIP because the necessary profile is only in the pki nightly repo. We
want this backported to other supported IPA branches but they may be delayed depending on
when pki builds are available.
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/5199/head:pr5199
git checkout pr5199