Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Do not renew externally-signed CA as self-signed
Commit 49cf5ec fixed a bug that prevented migration from externally-signed to self-signed IPA CA. But it introduced a subtle new issue: certmonger-initiated renewal renews an externally-signed IPA CA as a self-signed CA.

To resolve this issue, introduce the `--force-self-signed' flag for the dogtag-ipa-ca-renew-agent script. Add another certmonger CA definition that calls this script with the `--force-self-signed' flag. Update dogtag-ipa-ca-renew-agent to only issue a self-signed CA certificate if the existing certificate is self-signed or if `--force-self-signed' was given. Update `ipa-cacert-manage renew' to supply `--force-self-signed' when appropriate.

As a result of these changes, certmonger-initiated renewal of an externally-signed IPA CA certificate will not issue a self-signed certificate.

Fixes: https://pagure.io/freeipa/issue/8176
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
1 parent 78827db, commit 4b55136
Showing 7 changed files with 29 additions and 10 deletions.