Back to bug 1308852
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Matthew Harmsen | 2016-02-19 17:46:22 UTC | Depends On | 1310195 | |
| Matthew Harmsen | 2016-02-19 18:57:56 UTC | Status | NEW | MODIFIED |
| Fixed In Version | pki-core-10.2.5-7.el7_2 | |||
| errata-xmlrpc | 2016-02-19 19:45:07 UTC | Status | MODIFIED | ON_QA |
| Kaleem | 2016-02-23 06:47:05 UTC | CC | ksiddiqu | |
| Geetika Kapoor | 2016-03-08 14:15:22 UTC | Status | ON_QA | ASSIGNED |
| CC | gkapoor | |||
| Jack Magne | 2016-03-09 22:49:16 UTC | CC | jmagne | |
| Asha Akkiangady | 2016-03-14 19:00:06 UTC | Flags | needinfo?(gkapoor) | |
| Geetika Kapoor | 2016-03-15 05:47:59 UTC | Flags | needinfo?(gkapoor) | |
| Scott Poore | 2016-03-15 13:01:05 UTC | CC | spoore | |
| Lenka Špačková | 2016-03-16 15:46:18 UTC | Doc Text | The certificate validity was calculated incorrectly in case of a daylight saving time change in the validity period. Consequently, the "ipa-cacert-manage renew" command could fail with a validity error. With this update, the CA Validity Default has been modified to use Calendar API, which calculates the certificate validity range consistently with the Validity Constraint and Validity Default. As a result, a CA certificate is successfully renewed in this scenario. | |
| Lenka Špačková | 2016-03-16 15:47:49 UTC | Doc Text | The certificate validity was calculated incorrectly in case of a daylight saving time change in the validity period. Consequently, the "ipa-cacert-manage renew" command could fail with a validity error. With this update, the CA Validity Default has been modified to use Calendar API, which calculates the certificate validity range consistently with the Validity Constraint and Validity Default. As a result, a CA certificate is successfully renewed in this scenario. | The deployment procedure for external Certificate Authority (CA) has been modified so that it generates the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used to import a CA certificate from an existing server. It also removes the requirement to keep the server running while waiting to get the CSR signed by an external CA. The "pki ca-cert-request-submit" command has been modified to provide options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually. A new "pki-server subsystem-cert-export" command has been added to export a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance. The manual pages have been updated to reflect these changes. The installation code for an external CA case has been fixed so that Identity Management can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly. |
| Matthew Harmsen | 2016-03-17 16:41:18 UTC | Assignee | mharmsen | edewata |
| Endi Sukma Dewata | 2016-03-17 19:17:56 UTC | Attachment #1137484 Flags | review?(mharmsen) | |
| Matthew Harmsen | 2016-03-17 23:20:31 UTC | Attachment #1137484 Flags | review?(mharmsen) | review+ |
| Matthew Harmsen | 2016-03-18 20:25:12 UTC | Fixed In Version | pki-core-10.2.5-7.el7_2 | pki-core-10.2.5-8.el7_2 |
| Matthew Harmsen | 2016-03-18 20:25:35 UTC | Status | ASSIGNED | MODIFIED |
| errata-xmlrpc | 2016-03-18 20:42:48 UTC | Status | MODIFIED | ON_QA |
| Asha Akkiangady | 2016-03-22 12:31:30 UTC | Comment 21 is private | 1 | 0 |
| Status | ON_QA | VERIFIED | ||
| Aneta Šteflová Petrová | 2016-05-03 07:16:21 UTC | Doc Text | The deployment procedure for external Certificate Authority (CA) has been modified so that it generates the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used to import a CA certificate from an existing server. It also removes the requirement to keep the server running while waiting to get the CSR signed by an external CA. The "pki ca-cert-request-submit" command has been modified to provide options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually. A new "pki-server subsystem-cert-export" command has been added to export a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance. The manual pages have been updated to reflect these changes. The installation code for an external CA case has been fixed so that Identity Management can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly. | The deployment procedure for external CA has been modified to generate the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used for importing a CA certificate from an existing server. In addition, it is no longer required to keep the server running while waiting to get the CSR signed by an external CA. The "pki ca-cert-request-submit" command now provides options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually. A new "pki-server subsystem-cert-export" command exports a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance. The manual pages have been updated to reflect these changes. The installation code for installing an Identity Management (IdM) server with an external CA has been fixed so that IdM can detect whether step 1 of the installation process was completed properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly. |
| errata-xmlrpc | 2016-05-04 17:38:07 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2016-05-12 09:57:07 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-05-12 05:57:07 UTC | |||
| Dinesh Prasanth | 2020-10-04 21:02:42 UTC | Link ID | Github dogtagpki/pki/issues/2258 |
Back to bug 1308852