Bug 1445345
| Field | Value |
|---|---|
| Summary | Backport patch to add SAN extension into certificates |
| Product | [Fedora] Fedora |
| Component | freeipa |
| Version | 25 |
| Status | CLOSED NOTABUG |
| Type | Bug |
| Severity | unspecified |
| Priority | unspecified |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Martin Bašti <mbasti> |
| Assignee | Tomas Krizek <tkrizek> |
| QA Contact | Fedora Extras Quality Assurance <extras-qa> |
| CC | abokovoy, ipa-maint, jcholast, jhrozek, mbasti, pasteur, pvoborni, rcritten, ssorce, tkrizek, tomek |
| Doc Type | If docs needed, set a value |
| Last Closed | 2017-05-17 08:22:24 UTC |

Description
Martin Bašti
2017-04-25 13:54:42 UTC
Backporting the patch will solve only new installs but it won't update existing installations. Martin, could you provide a command which will renew the cert with the required extensions?

*** Bug 1445927 has been marked as a duplicate of this bug. ***

Please follow the steps in the following email https://www.redhat.com/archives/freeipa-users/2017-April/msg00197.html to renew the certificate with the SAN extension.

Then Marco Rhodes transformed it into a simple Ansible playbook:

```yaml
- name: add SAN extension to IPA Apache SSL certificates
  hosts: ipa_v4
  gather_facts: no
  tasks:
    # Ask certmonger to resubmit the request with the host's FQDN as a DNS SAN
    # (-D), wait for the result (-w) and report verbosely (-v).
    - name: certmonger - resubmit Apache SSL CSR with SAN extension
      shell: getcert resubmit -d /etc/httpd/alias -n 'Server-Cert' -D "$(hostname -f)" -w -v
      become: true
      register: resubmit_result

    - debug: var=resubmit_result.stdout_lines

    # Show only the tracking fields needed to confirm the renewal went through.
    - name: certmonger - list tracking status for Apache SSL certificate
      shell: getcert list -d /etc/httpd/alias/ -n 'Server-Cert' | grep -E " ID|status:|stuck:|certificate:|expires:"
      become: true
      register: list_result

    - debug: var=list_result.stdout_lines
```

This has been fixed since IPA 4.4.1. https://pagure.io/freeipa/c/b12db924143cd6828c596c0b8a261325f3f589f3
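
To confirm that the certificate issued by the `getcert resubmit` step above now lists the server's host name in its SAN extension, the following added example (not part of the bug report, FreeIPA or certmonger) parses `openssl x509 -text` output. The function names and sample dumps are constructed for illustration, and `certutil` and `openssl` are assumed to be installed on the server.

```shell
# Added example: the helper names below are hypothetical, not FreeIPA or certmonger code.

# Print each DNS entry of the Subject Alternative Name extension, one per line.
# stdin: text produced by `openssl x509 -noout -text`.
san_dns_names() {
    awk '
        in_san {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[i])
                if (parts[i] ~ /^DNS:/) print substr(parts[i], 5)
            }
            exit
        }
        /X509v3 Subject Alternative Name/ { in_san = 1 }
    '
}

# Succeed only if host name $1 is listed as a DNS SAN in the dump on stdin.
# Exact, case-insensitive comparison; wildcard entries are not expanded.
# A certificate with no SAN extension yields no names and therefore fails.
san_covers_host() {
    want=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    san_dns_names | tr '[:upper:]' '[:lower:]' | grep -Fxq -- "$want"
}

# Check the Apache certificate in the NSS database named on this page.
check_ipa_httpd_cert() {
    certutil -L -d /etc/httpd/alias -n 'Server-Cert' -a |
        openssl x509 -noout -text |
        san_covers_host "$(hostname -f)"
}

# Constructed sample dumps (not taken from a real server).
sample_with_san() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Subject Alternative Name:
                DNS:ipa.example.test, othername:<unsupported>
EOF
}
sample_without_san() {
    cat <<'EOF'
        X509v3 extensions:
            X509v3 Key Usage: critical
EOF
}
```

Call `check_ipa_httpd_cert` on the IPA server once the resubmit has completed; a non-zero exit status means the host name is still missing from the SAN.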