Don't error in DogtagCertsConnectivityCheck with external CAs #286
Commits on Jul 18, 2023
-
Don't error in DogtagCertsConnectivityCheck with external CAs
The purpose of the check is to validate that communication with the CA works. In the past we looked up serial number 1 for this check. The problem is that if the server was installed with RSNv3 so had no predictable CA serial number. It also was broken with externally-issued CA certificate which cannot be looked up in IPA. Instead use the IPA RA agent certificate which should definitely have a serial number in the IPA CA if one is configured. Fixes: freeipa#285 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.