Bug 1817247

Summary: Upgrade to 10.8.3 breaks PKI Tomcat Server
Product: Red Hat Enterprise Linux 8 Reporter: Dinesh Prasanth <dmoluguw>
Component: pki-coreAssignee: RHCS Maintainers <rhcs-maint>
Status: CLOSED ERRATA QA Contact: PKI QE <bugzilla-pkiqe>
Severity: high Docs Contact:
Priority: unspecified    
Version: 8.2CC: aakkiang, alee, ascheel, edewata, extras-qa, kwright, lmiksik, mharmsen, prisingh, rhcs-maint, thomas
Target Milestone: rcKeywords: ZStream
Target Release: 8.2   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: pki-core-10.6-8030020200527223446.5ff1562f Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 1814242
: 1822404 (view as bug list) Environment:
Last Closed: 2020-11-04 03:15:11 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1814242    
Bug Blocks: 1822404    

Comment 4 Dinesh Prasanth 2020-03-26 16:38:10 UTC 
Steps to reproduce:

1. Install RHEL8.1 machine
2. Install pki-ca. This should install pki-ca-10.7.* (anything less than 10.8.2 is fine)
3. Spawn a CA
4. Remove the following lines from /etc/pki/<instance>/ca/CS.cfg:

````
profile.caECAdminCert.config=*
profile.caECAdminCert.class_id=*
````

5. Remove the `caECAdminCert` from `profile.list` in CS.cfg

6. Upgrade machine to RHEL8.2. See if the PKI package is updated to pki-ca-10.8.3.

7. Run `dnf update pki-ca`, if PKI 10.8.3 packages are not installed

8. Restart CA

Without the fix, PKI server upgrade should fail. You should see this in the PKI upgrade logs,
and the server should be down.

If there are no errors, this bug is fixed.
Comment 15 errata-xmlrpc 2020-11-04 03:15:11 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:4847