Bug 602397

Summary: CA cert is installed in NSS databases under different nicknames
Product: [Retired] freeIPA Reporter: John Dennis <jdennis>
Component: ipa-serverAssignee: Rob Crittenden <rcritten>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: medium Docs Contact:
Priority: low    
Version: 2.0CC: benl, dpal, jgalipea, mkosek
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: freeipa-2.0.0-1.fc15 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-03-28 09:36:26 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description John Dennis 2010-06-09 19:06:18 UTC 
After doing server and client install on the same machine the CA cert installed in several NSS databases, but the nickname used to refer to the cert is different, they should for consistency and ease of use be referred to by the same name.

/etc/httpd/alias:                 "CA certificate"
/etc/pki/nssdb:                   "IPA CA"
/etc/dirsrv/slapd-<ipa_instance>: "CA certificate"

I would suggest the name "IPA CA" is preferred as it clearly identifies which CA it is.
Comment 1 Rob Crittenden 2010-09-07 19:52:49 UTC 
Added as trac task https://fedorahosted.org/freeipa/ticket/181
Comment 2 Martin Kosek 2011-03-22 11:27:10 UTC 
Fixed in 3703062ab25a7817581eefa2f89214e8a6244bee.