Bug 602397 - CA cert is installed in NSS databases under different nicknames
CA cert is installed in NSS databases under different nicknames
Product: freeIPA
Classification: Community
Component: ipa-server (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Rob Crittenden
Chandrasekar Kannan
Depends On:
  Show dependency treegraph
Reported: 2010-06-09 15:06 EDT by John Dennis
Modified: 2015-01-04 18:42 EST (History)
4 users (show)

See Also:
Fixed In Version: freeipa-2.0.0-1.fc15
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2012-03-28 05:36:26 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description John Dennis 2010-06-09 15:06:18 EDT
After doing server and client install on the same machine the CA cert installed in several NSS databases, but the nickname used to refer to the cert is different, they should for consistency and ease of use be referred to by the same name.

/etc/httpd/alias:                 "CA certificate"
/etc/pki/nssdb:                   "IPA CA"
/etc/dirsrv/slapd-<ipa_instance>: "CA certificate"

I would suggest the name "IPA CA" is preferred as it clearly identifies which CA it is.
Comment 1 Rob Crittenden 2010-09-07 15:52:49 EDT
Added as trac task https://fedorahosted.org/freeipa/ticket/181
Comment 2 Martin Kosek 2011-03-22 07:27:10 EDT
Fixed in 3703062ab25a7817581eefa2f89214e8a6244bee.

Note You need to log in before you can comment on or make changes to this bug.