Bug 1690037
| Summary: | [RFE] Add utility to promote CA replica to CRL master | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 7 | Reporter: | Florence Blanc-Renaud <frenaud> |
| Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
| Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
| Severity: | unspecified | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
| Priority: | unspecified | ||
| Version: | 7.7 | CC: | dpal, edewata, fcami, frenaud, gparente, ksiddiqu, mkosek, msauton, ndehadra, pasik, pvoborni, rcritten, ssidhaye, tmihinto, tscherf |
| Target Milestone: | rc | Keywords: | FutureFeature |
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ipa-4.6.5-1.el7 | Doc Type: | Enhancement |
| Doc Text: |
.IdM now provides a utility to promote a CA to a CRL generation master
With this enhancement, administrators can promote an existing Identity Management (IdM) certificate authority (CA) to a certificate revocation list (CRL) generation master or remove this feature from a CA. Previously, multiple manual steps were required to configure an IdM CA as CRL generation master, and the procedure was error-prone. As a result, administrators can now use the `ipa-crlgen-manage enable` and `ipa-crlgen-manage disable` commands to enable and disable CRL generation on an IdM CA.
|
Story Points: | --- |
| Clone Of: | 1326425 | Environment: | |
| Last Closed: | 2019-08-06 13:09:30 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1326425, 1683261 | ||
| Bug Blocks: | 1550132, 1644708 | ||
|
Comment 2
François Cami
2019-03-19 15:12:58 UTC
Builds used for verification: pki-base-10.5.16-2.el7.noarch 389-ds-base-1.3.9.1-5.el7.x86_64 sssd-1.16.4-13.el7.x86_64 ipa-server-4.6.5-6.el7.x86_64 Since the tier 0 tests are passing, following scenarios are tested 1. test master enable crlgen already enabled 2. test master disable crlgen 3. test master disable crlgen already disabled 4. test master enable crlgen 5. test crlgen status on replica 6. test crlgen disable on caless replica 7. test crlgen enable on caless replica 8. test crlgen enable on ca replica 9. test crlgen enable on broken master 10. test crlgen disable on broken master 11. test crlgen enable on broken replica 12. test crlgen disable on broken replica 13. test uninstall without ignore last of role 14. test uninstall with ignore last of role 15. test uninstall last master does not require ignore last of role Hence marking this bugzilla as verified. Correction: Tier 1 tests are passing Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2241 |