Back to bug 1308852

Who When What Removed Added
Matthew Harmsen 2016-02-19 17:46:22 UTC Depends On 1310195
Matthew Harmsen 2016-02-19 18:57:56 UTC Status NEW MODIFIED
Fixed In Version pki-core-10.2.5-7.el7_2
errata-xmlrpc 2016-02-19 19:45:07 UTC Status MODIFIED ON_QA
Kaleem 2016-02-23 06:47:05 UTC CC ksiddiqu
Geetika Kapoor 2016-03-08 14:15:22 UTC Status ON_QA ASSIGNED
CC gkapoor
Jack Magne 2016-03-09 22:49:16 UTC CC jmagne
Asha Akkiangady 2016-03-14 19:00:06 UTC Flags needinfo?(gkapoor)
Geetika Kapoor 2016-03-15 05:47:59 UTC Flags needinfo?(gkapoor)
Scott Poore 2016-03-15 13:01:05 UTC CC spoore
Lenka Špačková 2016-03-16 15:46:18 UTC Doc Text The certificate validity was calculated incorrectly in case of a daylight saving time change in the validity period. Consequently, the "ipa-cacert-manage renew" command could fail with a validity error. With this update, the CA Validity Default has been modified to use Calendar API, which calculates the certificate validity range consistently with the Validity Constraint and Validity Default. As a result, a CA certificate is successfully renewed in this scenario.
Lenka Špačková 2016-03-16 15:47:49 UTC Doc Text The certificate validity was calculated incorrectly in case of a daylight saving time change in the validity period. Consequently, the "ipa-cacert-manage renew" command could fail with a validity error. With this update, the CA Validity Default has been modified to use Calendar API, which calculates the certificate validity range consistently with the Validity Constraint and Validity Default. As a result, a CA certificate is successfully renewed in this scenario. The deployment procedure for external Certificate Authority (CA) has been modified so that it generates the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used to import a CA certificate from an existing server. It also removes the requirement to keep the server running while waiting to get the CSR signed by an external CA.

The "pki ca-cert-request-submit" command has been modified to provide options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually.

A new "pki-server subsystem-cert-export" command has been added to export a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance.

The manual pages have been updated to reflect these changes.

The installation code for an external CA case has been fixed so that Identity Management can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly.
Matthew Harmsen 2016-03-17 16:41:18 UTC Assignee mharmsen edewata
Endi Sukma Dewata 2016-03-17 19:17:56 UTC Attachment #1137484 Flags review?(mharmsen)
Matthew Harmsen 2016-03-17 23:20:31 UTC Attachment #1137484 Flags review?(mharmsen) review+
Matthew Harmsen 2016-03-18 20:25:12 UTC Fixed In Version pki-core-10.2.5-7.el7_2 pki-core-10.2.5-8.el7_2
Matthew Harmsen 2016-03-18 20:25:35 UTC Status ASSIGNED MODIFIED
errata-xmlrpc 2016-03-18 20:42:48 UTC Status MODIFIED ON_QA
Asha Akkiangady 2016-03-22 12:31:30 UTC Comment 21 is private 1 0
Status ON_QA VERIFIED
Aneta Šteflová Petrová 2016-05-03 07:16:21 UTC Doc Text The deployment procedure for external Certificate Authority (CA) has been modified so that it generates the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used to import a CA certificate from an existing server. It also removes the requirement to keep the server running while waiting to get the CSR signed by an external CA.

The "pki ca-cert-request-submit" command has been modified to provide options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually.

A new "pki-server subsystem-cert-export" command has been added to export a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance.

The manual pages have been updated to reflect these changes.

The installation code for an external CA case has been fixed so that Identity Management can detect step 1 completion properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly.
The deployment procedure for external CA has been modified to generate the CA Certificate Signing Request (CSR) before starting the server. This allows the same procedure to be used for importing a CA certificate from an existing server. In addition, it is no longer required to keep the server running while waiting to get the CSR signed by an external CA.

The "pki ca-cert-request-submit" command now provides options to specify the profile name and the CSR, which is then used to create and populate the request object. As a result, it is no longer necessary to download the request template and insert the CSR manually.

A new "pki-server subsystem-cert-export" command exports a system certificate, the CSR, and the key. This command can be used to migrate a system certificate into another instance.

The manual pages have been updated to reflect these changes.

The installation code for installing an Identity Management (IdM) server with an external CA has been fixed so that IdM can detect whether step 1 of the installation process was completed properly. The code that handles certificate data conversion has been fixed to reformat base-64 data for Privacy Enhanced Mail (PEM) output correctly.
errata-xmlrpc 2016-05-04 17:38:07 UTC Status VERIFIED RELEASE_PENDING
errata-xmlrpc 2016-05-12 09:57:07 UTC Status RELEASE_PENDING CLOSED
Resolution --- ERRATA
Last Closed 2016-05-12 05:57:07 UTC
Dinesh Prasanth 2020-10-04 21:02:42 UTC Link ID Github dogtagpki/pki/issues/2258

Back to bug 1308852