Bug 1371927
Summary: | Implement ca-enable/disable commands. | ||||||
---|---|---|---|---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Martin Bašti <mbasti> | ||||
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> | ||||
Status: | CLOSED ERRATA | QA Contact: | Abhijeet Kasurde <akasurde> | ||||
Severity: | unspecified | Docs Contact: | |||||
Priority: | unspecified | ||||||
Version: | 7.3 | CC: | akasurde, ftweedal, mbabinsk, pvoborni, rcritten | ||||
Target Milestone: | rc | ||||||
Target Release: | --- | ||||||
Hardware: | Unspecified | ||||||
OS: | Unspecified | ||||||
Whiteboard: | |||||||
Fixed In Version: | ipa-4.5.0-1.el7 | Doc Type: | If docs needed, set a value | ||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-08-01 09:39:54 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Martin Bašti
2016-08-31 12:45:07 UTC
Currently, admins have no way to wholesale disable a CA, i.e. to prevent it issuing new certificates with the possibility of re-enabling it at a later time, and ensuring that certificates issued by the CA can still be managed by FreeIPA. There is currently no way to do this. A similar but limited outcome can be achieved by removing the CA from all CA ACLs but this has a variable - possibly very high - administrative overhead. master: * c7e0dbc4e174d0bb7577de18cdb2f414f4199c57 Add ca-disable and ca-enable commands ipa-4-4: * b037e54e457d731cd16144df7573f4c85d79368a Add ca-disable and ca-enable commands Verified using IPA and PKI version :: ipa-server-4.5.0-14.el7.x86_64 pki-server-10.4.1-7.el7.noarch Marking BZ as verified. See attachment for console log. Created attachment 1283632 [details]
console.log
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2017:2304 |