Bug 1345755 - Support for specifying IPA lightweight CA
Summary: Support for specifying IPA lightweight CA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: certmonger
Version: 7.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: Jan Cholasta
QA Contact: Kaleem
Depends On:
Blocks: 1200731
TreeView+ depends on / blocked
Reported: 2016-06-13 06:49 UTC by Jan Cholasta
Modified: 2016-11-04 07:50 UTC (History)
8 users (show)

Fixed In Version: certmonger-0.78.4-3.el7
Doc Type: If docs needed, set a value
Doc Text:
IdM now supports sub-CAs Previously, Identity Management (IdM) only supported one certificate authority (CA) that was used to sign all certificates issued within the IdM domain. Now, you can use lightweight sub-CAs for better control over the purpose for which a certificate can be used. For example, a Virtual Private Network (VPN) server can be configured to only accept certificates issued by a sub-CA created for that purpose, rejecting certificates issued by other sub-CAs, such as a smart card CA. To support this functionality, you can now specify an IdM lightweight sub-CA when requesting a certificate with certmonger. For details, see https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7-Beta/html-single/Linux_Domain_Identity_Authentication_and_Policy_Guide/index.html#lightweight-sub-cas
Clone Of:
Last Closed: 2016-11-04 07:50:44 UTC
Target Upstream Version:

Attachments (Terms of Use)
console.log (1.99 KB, text/plain)
2016-09-20 06:20 UTC, Abhijeet Kasurde
no flags Details

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2016:2519 0 normal SHIPPED_LIVE certmonger bug fix update 2016-11-03 14:15:16 UTC

Description Jan Cholasta 2016-06-13 06:49:52 UTC
This bug is created as a clone of upstream ticket:

Certmonger needs a way to specify an IPA lightweight CA name when
requesting a certificate.  It is the Certmonger side of

Design page: http://www.freeipa.org/page/V4/Sub-CAs#Certmonger

Comment 6 Abhijeet Kasurde 2016-08-17 08:54:47 UTC
Marking as FailedQA as found following bug - BZ1367683

Comment 9 Abhijeet Kasurde 2016-09-20 06:16:59 UTC
Verified using IPA and Certmonger version::

Marking BZ as verified.

Comment 10 Abhijeet Kasurde 2016-09-20 06:20:12 UTC
Created attachment 1202712 [details]

Comment 12 errata-xmlrpc 2016-11-04 07:50:44 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.