Bug 1690191
Summary: | [RFE] Offline Certificate Renewal System | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 7 | Reporter: | Fraser Tweedale <ftweedal> |
Component: | ipa | Assignee: | IPA Maintainers <ipa-maint> |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> |
Severity: | urgent | Docs Contact: | Marc Muehlfeld <mmuehlfe> |
Priority: | urgent | ||
Version: | 7.4 | CC: | aakkiang, afarley, alee, arubin, cfu, cheimes, cpelland, dmoluguw, edewata, fcami, frenaud, ftweedal, ipa-maint, jmagne, mharmsen, mrhodes, myusuf, ndehadra, nkinder, pasik, phybl, pvoborni, rcritten, tmihinto, tscherf, wburrows |
Target Milestone: | rc | Keywords: | FutureFeature |
Target Release: | 7.7 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | ipa-4.6.5-2.el7 | Doc Type: | Enhancement |
Doc Text: |
.IdM now supports renewing expired system certificates when the server is offline
With this enhancement, administrators can renew expired system certificates when Identity Management (IdM) is offline. When a system certificate expires, IdM fails to start. The new `ipa-cert-fix` command replaces the workaround to manually set the date back to proceed with the renewal process. As a result, the downtime and support costs reduce in the mentioned scenario.
|
Story Points: | --- |
Clone Of: | 1468348 | Environment: | |
Last Closed: | 2019-08-06 13:09:37 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1468348, 1696849 | ||
Bug Blocks: | 1472344, 1550132, 1644708, 1647919, 1669257 |
Description
Fraser Tweedale
2019-03-19 00:57:45 UTC
Fixed upstream: ipa-4-6: https://pagure.io/freeipa/c/0a54a4c83f4e613ef5a7e52b697d849cf3676d22 https://pagure.io/freeipa/c/4f42ba8625436806120c6dbb6345f7327b06cd0a https://pagure.io/freeipa/c/01a487ede34c351f0916e480ba7cbc96ba6b4f7c https://pagure.io/freeipa/c/a2f9a704e8145b9d0c0b14a3005efd4a44a64532 https://pagure.io/freeipa/c/d0b9507e677042d5acba036e6d872fbcf247b28a https://pagure.io/freeipa/c/e3131495f07ce633fda86486056300138ff8fc80 Hi Marc, Please see the updated doc field. I'm adding Fraser to review since he wrote the `ipa-cert-fix` wrapper. .IdM now supports renewing expired system certificates when the server is offline With this enhancement, administrators can renew expired system certificates when Identity Management (IdM) is offline. When a system certificate expires, IdM fails to start. The new `ipa-cert-fix`, which is an IdM specific wrapper against `pki-server cert-fix`, command replaces the workaround to manually set the date back to proceed with the renewal process. As a result, the downtime and support costs reduce in the mentioned scenario. Identified tier1 test passed. Based on observation in comment#7, marking the bug verified. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2019:2241 The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days |