Hide Forgot
Documentation available at: https://frasertweedale.github.io/blog-redhat/posts/2020-05-06-ipa-acme-intro.html https://frasertweedale.github.io/blog-redhat/posts/2020-05-07-ipa-acme-mod_md.html https://frasertweedale.github.io/blog-redhat/posts/2020-05-13-ipa-acme-dns.html
Fixed upstream master: https://pagure.io/freeipa/c/2b6faa362f3ee2a63e3597f8734867d8e9d4df7d https://pagure.io/freeipa/c/dd301a453521a177d9f34df25d3e6d203c9507ea https://pagure.io/freeipa/c/5883cff0b7b62da3fcb3dfb7920a9f993cbcb568 https://pagure.io/freeipa/c/a21823da7fcce521838764df5280295ccbdb8157 https://pagure.io/freeipa/c/b3565290fefb6e14583b50d3c411a8861a4fa844 https://pagure.io/freeipa/c/c309d4a4d0c19df80808b2ce9352ce2af2a30a3c https://pagure.io/freeipa/c/3c8352f9a7f977bc994e4b5b558fb3c7db20f40e https://pagure.io/freeipa/c/d15000bed6bc5262a80aadeb5f85a476ed44799f https://pagure.io/freeipa/c/00a84464eae31150714f667df67774ebe34b8514 https://pagure.io/freeipa/c/083c6aedc6d8046c19f637ec34723812f292a0e9 https://pagure.io/freeipa/c/7b00035764197c0aff0c7d2de638dc174abacf9f https://pagure.io/freeipa/c/ab7226dcef8c8390fc9a1e939680ba9f4f5121bd https://pagure.io/freeipa/c/bb6d84903967bc6176d8a0817b602ba314129417 https://pagure.io/freeipa/c/85d0272053dbafab19c1f98cacc5ce6e1a828667 https://pagure.io/freeipa/c/f9f3b3b118ccb0c4052d15387d128886ec293463 https://pagure.io/freeipa/c/e976dde8e1429ee023a76ddbe0e6b16a495a1ef2 https://pagure.io/freeipa/c/a83eaa8b6da8e5937a7f42a90310f69b8f66e6d4 https://pagure.io/freeipa/c/678b8e682b37daa5217c0098cd6ce42c324b3955 https://pagure.io/freeipa/c/525b946b75760a1ef90e1aae8e5052124fb0075c https://pagure.io/freeipa/c/1f720560273e16ca6c5e646a1f4bf0a7ec354aa5
Add support for global configuration and more integration tests Fixed upstream master: https://pagure.io/freeipa/c/2ef53196c6a012ad7d02aed5672d69fbcb5d0a4e https://pagure.io/freeipa/c/e13d058a066bdbd8a81b794b6f18ca8eca1f31c8 https://pagure.io/freeipa/c/c0d55ce6de5e41a98b1e37e23e8bdb339e772c0f https://pagure.io/freeipa/c/92c3ea4e293a4fca58269265b7fbf511024dab59 https://pagure.io/freeipa/c/69ae48c8b614a23f530ec6ed33c9019e0b491e50 https://pagure.io/freeipa/c/e7fd791579eca8b7a1c30b4f17bfac7c4fafe2a7 https://pagure.io/freeipa/c/d4ef64b229541200564131e927cd0b4b32662fe2
Require a SAN for ipa-ca when installing 3rd party certificates. Fixed upstream master: https://pagure.io/freeipa/c/2768b0dbaf0e07bc632a4867b13ef4c5ac875372 https://pagure.io/freeipa/c/e0ff82c884356a6c9fcd0fef66580de30ec5af87 https://pagure.io/freeipa/c/c8f13cd85503f2713c616eccfd7c37e52792c7ef
Tests for External-CA scenarios for ACME service Fixed upstream master: https://pagure.io/freeipa/c/9dccf17a6c6ce023661a33fdb1f65314ef6a053f https://pagure.io/freeipa/c/cbbfcd9b1e9bbcce864957423085d362e6d44c72 https://pagure.io/freeipa/c/c4a6b0e5662f539b8438cdbc593eb713ea8c6da2
Additional commit bumping the Requires for pki-server: Fixed upstream master: https://pagure.io/freeipa/c/6816de0892a11c203f1a2e6f7819d533c7658fa9
Additional commit bumping the Requires for pki-server: Fixed upstream ipa-4-9: 3e530e93c37ee71a560714e26285cd85e71557c9
Builds used for verification: ipa-client-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64 ipa-client-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch ipa-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch ipa-healthcheck-core-0.7-3.module+el8.4.0+9007+5084bdd8.noarch ipa-selinux-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch ipa-server-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64 ipa-server-common-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch ipa-server-dns-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.noarch ipa-server-trust-ad-4.9.0-0.5.rc3.module+el8.4.0+9124+ced20601.x86_64 test_integration/test_acme.py::TestACME::test_kinit_master PASSED [ 3%] test_integration/test_acme.py::TestACME::test_acme_service_not_yet_enabled PASSED [ 7%] test_integration/test_acme.py::TestACME::test_enable_acme_service PASSED [ 11%] test_integration/test_acme.py::TestACME::test_centralize_acme_enable PASSED [ 15%] test_integration/test_acme.py::TestACME::test_certbot_register SKIPPED [ 19%] test_integration/test_acme.py::TestACME::test_certbot_certonly_standalone SKIPPED [ 23%] test_integration/test_acme.py::TestACME::test_certbot_revoke SKIPPED [ 26%] test_integration/test_acme.py::TestACME::test_certbot_dns SKIPPED [ 30%] test_integration/test_acme.py::TestACME::test_mod_md SKIPPED [ 34%] test_integration/test_acme.py::TestACME::test_disable_acme_service PASSED [ 38%] test_integration/test_acme.py::TestACME::test_centralize_acme_disable PASSED [ 42%] test_integration/test_acme.py::TestACME::test_third_party_certs PASSED [ 46%] test_integration/test_acme.py::TestACMECALess::test_caless_to_cafull_replica PASSED [ 50%] test_integration/test_acme.py::TestACMECALess::test_enable_caless_to_cafull_replica PASSED [ 53%] test_integration/test_acme.py::TestACMEwithExternalCA::test_kinit_master PASSED [ 57%] test_integration/test_acme.py::TestACMEwithExternalCA::test_acme_service_not_yet_enabled PASSED [ 61%] test_integration/test_acme.py::TestACMEwithExternalCA::test_enable_acme_service PASSED [ 65%] test_integration/test_acme.py::TestACMEwithExternalCA::test_centralize_acme_enable PASSED [ 69%] test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_register SKIPPED [ 73%] test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_certonly_standalone SKIPPED [ 76%] test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_revoke SKIPPED [ 80%] test_integration/test_acme.py::TestACMEwithExternalCA::test_certbot_dns SKIPPED [ 84%] test_integration/test_acme.py::TestACMEwithExternalCA::test_mod_md SKIPPED [ 88%] test_integration/test_acme.py::TestACMEwithExternalCA::test_disable_acme_service PASSED [ 92%] test_integration/test_acme.py::TestACMEwithExternalCA::test_centralize_acme_disable PASSED [ 96%] test_integration/test_acme.py::TestACMEwithExternalCA::test_third_party_certs PASSED [100%]
Hello Kaleem, 1) This bug has automatically generated the following Documentation JIRA ticket: "RHELPLAN-47725 - [RFE] IdM short-term certificates ACME provider" https://issues.redhat.com/browse/RHELPLAN-47725 2) The documentation team has previously created 2 tickets that I think correspond to the 2 items from this bug's description: a) Service automatically acquire a certificates RHELPLAN-43501 - [DOC][ACME] Service automatically acquires a certificate https://issues.redhat.com/browse/RHELPLAN-43501 But we closed that general ticket because we created multiple tickets for specific ACME features/functionality: RHELPLAN-58595 - Deploy ACME service on upgrade -- https://issues.redhat.com/browse/RHELPLAN-58595 RHELPLAN-58596 - Support ACME protocol -- https://issues.redhat.com/browse/RHELPLAN-58596 RHELPLAN-58599 - Deploy ACME service on CA installation -- https://issues.redhat.com/browse/RHELPLAN-58599 RHELPLAN-58601 - FreeIPA commands to enable/disable ACME service -- https://issues.redhat.com/browse/RHELPLAN-58601 RHELPLAN-58613 - Add FreeIPA ACME certificate profile -- https://issues.redhat.com/browse/RHELPLAN-58613 b) Deploy & manage the ACME service topology wide from a single system RHELPLAN-58598 - [DOC][ACME] Deploy & manage the ACME service topology wide from a single system https://issues.redhat.com/browse/RHELPLAN-58598 Could you please let us know if we've missed anything?
Hi Jo, I missed looking at doc jira ticket. Should not we set the doc flag/field for this? Doc Text, require_doc_text?
Test added upstream: ipatests/test_integration/test_acme.py::TestACMECARenew master: https://pagure.io/freeipa/c/d2ca7915498cd1bdf5483af4b155296766f6e718
Test added upstream: ipa-4-9: https://pagure.io/freeipa/c/a7ff4089437ee20bbce7fc55d43a7702dd7540a7
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:1846