Bug 1345755

Summary: Support for specifying IPA lightweight CA
Product: Red Hat Enterprise Linux 7 Reporter: Jan Cholasta <jcholast>
Component: certmongerAssignee: Jan Cholasta <jcholast>
Status: CLOSED ERRATA QA Contact: Kaleem <ksiddiqu>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 7.3CC: akasurde, dkupka, enewland, jcholast, mkosek, mmuehlfe, nalin, nsoman
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: certmonger-0.78.4-3.el7 Doc Type: If docs needed, set a value
Doc Text:
IdM now supports sub-CAs Previously, Identity Management (IdM) only supported one certificate authority (CA) that was used to sign all certificates issued within the IdM domain. Now, you can use lightweight sub-CAs for better control over the purpose for which a certificate can be used. For example, a Virtual Private Network (VPN) server can be configured to only accept certificates issued by a sub-CA created for that purpose, rejecting certificates issued by other sub-CAs, such as a smart card CA. To support this functionality, you can now specify an IdM lightweight sub-CA when requesting a certificate with certmonger. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#lightweight-sub-cas
 Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-04 07:50:44 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1200731    
Attachments:
Description Flags
console.log none

Description Jan Cholasta 2016-06-13 06:49:52 UTC 
This bug is created as a clone of upstream ticket:
https://fedorahosted.org/certmonger/ticket/51

Certmonger needs a way to specify an IPA lightweight CA name when
requesting a certificate.  It is the Certmonger side of
https://fedorahosted.org/freeipa/ticket/4559.

Design page: http://www.freeipa.org/page/V4/Sub-CAs#Certmonger
Comment 1 Jan Cholasta 2016-07-01 06:21:51 UTC 
Fixed upstream
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=20a6536febf0815d0b3d301133820a46fdd6ef21
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=21199413f346db4540d987dc2bb256b6b747c572
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=4d482fd23ce089478493b5c70743091ad0b28e73
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=6f15f531c83468bdde72f6109bd7153e9833763c
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=f624f1de0b7eff66ea247d9ab718a141fcf33c77
https://git.fedorahosted.org/cgit/certmonger.git/commit/?id=451d675c25130925ebfa3ffe5774b588c885865d
Comment 6 Abhijeet Kasurde 2016-08-17 08:54:47 UTC 
Marking as FailedQA as found following bug - BZ1367683
Comment 9 Abhijeet Kasurde 2016-09-20 06:16:59 UTC 
Verified using IPA and Certmonger version::
ipa-server-4.4.0-12.el7.x86_64
certmonger-0.78.4-3.el7.x86_64


Marking BZ as verified.
Comment 10 Abhijeet Kasurde 2016-09-20 06:20:12 UTC 
Created attachment 1202712 [details]
console.log
Comment 12 errata-xmlrpc 2016-11-04 07:50:44 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHEA-2016-2519.html