Steps to reproduce:
1. Install RHEL8.1 machine
2. Install pki-ca. This should install pki-ca-10.7.* (anything less than 10.8.2 is fine)
3. Spawn a CA
4. Remove the following lines from /etc/pki/<instance>/ca/CS.cfg:
````
profile.caECAdminCert.config=*
profile.caECAdminCert.class_id=*
````
5. Remove the `caECAdminCert` from `profile.list` in CS.cfg
6. Upgrade machine to RHEL8.2. See if the PKI package is updated to pki-ca-10.8.3.
7. Run `dnf update pki-ca`, if PKI 10.8.3 packages are not installed
8. Restart CA
Without the fix, PKI server upgrade should fail. You should see this in the PKI upgrade logs,
and the server should be down.
If there are no errors, this bug is fixed.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory (Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHSA-2020:4847