Back to bug 1309382
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Petr Vobornik | 2016-02-18 09:05:31 UTC | Status | NEW | POST |
| Jan Cholasta | 2016-02-23 20:33:35 UTC | Status | POST | MODIFIED |
| Fixed In Version | ipa-4.2.0-15.el7_2.8 | |||
| errata-xmlrpc | 2016-02-23 20:38:08 UTC | Status | MODIFIED | ON_QA |
| Petr Vobornik | 2016-02-24 16:26:56 UTC | Flags | needinfo?(jcholast) | |
| Jan Cholasta | 2016-02-25 08:46:25 UTC | Flags | needinfo?(jcholast) | |
| Abhijeet Kasurde | 2016-03-08 13:15:08 UTC | CC | akasurde | |
| Flags | needinfo?(jcholast) | |||
| Jan Cholasta | 2016-03-14 09:19:13 UTC | Flags | needinfo?(jcholast) | |
| Jan Cholasta | 2016-03-17 06:34:24 UTC | Doc Text | Cause: IPA replica install code made wrong assumptions about the install environment. Consequence: The ipa-replica-install and ipa-ca-install commands would fail when installing a replica of a RHEL 6 master with selfsign CA. Fix: Fix IPA replica install code not to assume a recent IPA master with Dogtag CA. Result: The ipa-replica-install and ipa-ca-install work correctly when installing a replica of a RHEL 6 master with selfsign CA. |
|
| Abhijeet Kasurde | 2016-03-17 12:26:13 UTC | Status | ON_QA | VERIFIED |
| Jan Cholasta | 2016-03-17 13:04:36 UTC | Status | VERIFIED | POST |
| Jan Cholasta | 2016-03-17 13:34:45 UTC | Status | POST | MODIFIED |
| Fixed In Version | ipa-4.2.0-15.el7_2.8 | ipa-4.2.0-15.el7_2.12 | ||
| errata-xmlrpc | 2016-03-17 13:36:03 UTC | Status | MODIFIED | ON_QA |
| Abhijeet Kasurde | 2016-03-18 06:36:00 UTC | Status | ON_QA | VERIFIED |
| Aneta Šteflová Petrová | 2016-05-06 06:33:17 UTC | Doc Text | Cause: IPA replica install code made wrong assumptions about the install environment. Consequence: The ipa-replica-install and ipa-ca-install commands would fail when installing a replica of a RHEL 6 master with selfsign CA. Fix: Fix IPA replica install code not to assume a recent IPA master with Dogtag CA. Result: The ipa-replica-install and ipa-ca-install work correctly when installing a replica of a RHEL 6 master with selfsign CA. | The ipa-replica-install and ipa-ca-install utilities failed when installing a replica of a Red Hat Enterprise Linux 6 master with a self-signed CA certificate. This updates fixes the bug. Note that after running ipa-ca-install, you must run the ipa-certupdate utility. Also, it is not possible to install a replica with a CA certificate against a master that uses a third-party certificate for the httpd service. To work around this problem, issue a temporary IdM certificate for httpd on the master before installing the replica: # certutil -d /etc/httpd/alias -L -n [NICKNAME] -r >backup.crt.der # ipa service-mod HTTP/[HOSTNAME] --certificate= # ipa-getcert start-tracking -d /etc/httpd/alias -n [NICKNAME] -p /etc/httpd/alias/pwdfile.txt -C /usr/lib64/ipa/certmonger/restart_httpd # ipa-getcert resubmit -d /etc/httpd/alias -n [NICKNAME] -K HTTP/[HOSTNAME] After installing the replica, revert to the original certificate: # ipa-getcert stop-tracking -d /etc/httpd/alias -n [NICKNAME] # certutil -d /etc/httpd/alias -D -n [NICKNAME] # certutil -d /etc/httpd/alias -A -n [NICKNAME] -t ,, -i backup.crt.der # systemctl restart httpd |
| errata-xmlrpc | 2016-05-12 00:55:25 UTC | Status | VERIFIED | RELEASE_PENDING |
| errata-xmlrpc | 2016-05-12 09:58:28 UTC | Status | RELEASE_PENDING | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2016-05-12 05:58:28 UTC |
Back to bug 1309382