Bug 1256037 - [Documentation bug]: Possible missing step in CA cert renewal instructions
[Documentation bug]: Possible missing step in CA cert renewal instructions
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: doc-Identity_Management_Guide (Show other bugs)
Unspecified Unspecified
low Severity low
: rc
: ---
Assigned To: Marc Muehlfeld
Namita Soman
: Documentation, EasyFix
Depends On:
  Show dependency treegraph
Reported: 2015-08-23 10:26 EDT by Daniel Riek
Modified: 2016-05-11 03:08 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2016-05-11 03:08:26 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Daniel Riek 2015-08-23 10:26:43 EDT
Following the instructions in https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Identity_Management_Guide/cas.html to renew an external CA certificate, the old cert was left in /etc/httpd/alias/cacert.asc . This subsequently lead to issues because ipa-replica-prepare uses that file.

Step 6 in the above guide should add the following command:
ln -sf /usr/share/ipa/html/ca.crt /etc/httpd/alias/cacert.asc
Comment 3 Jan Cholasta 2015-09-21 01:46:59 EDT
This is indeed a bug in the guide. The "Update the CA certificate in the file system" step in the "Install the new CA certificate on your first-installed IdM server", "Install the new CA certificate on other IdM servers with a CA" and "Install the new CA certificate on other IdM masters without a CA" chapters in the guide should be changed to:

  Update the CA certificate in the file system:

    # cp /root/ipa.crt /etc/ipa/ca.crt
    # cat /root/ipa.crt /root/external-ca.pem >/etc/httpd/alias/cacert.asc
    # cp /etc/httpd/alias/cacert.asc /usr/share/ipa/html/ca.crt

Changing the component to doc-Identity_Management_Guide.
Comment 5 Marc Muehlfeld 2016-04-25 02:24:00 EDT
I updated the commands in all three steps.

Note You need to log in before you can comment on or make changes to this bug.