RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 733440 - [RFE] add option to allow server to start with an expired certificate
Summary: [RFE] add option to allow server to start with an expired certificate
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: 389-ds-base
Version: 6.2
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: rc
: ---
Assignee: Rich Megginson
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 728592
Blocks: 690318 728950
TreeView+ depends on / blocked
 
Reported: 2011-08-25 17:37 UTC by Rich Megginson
Modified: 2015-01-04 23:50 UTC (History)
9 users (show)

Fixed In Version: 389-ds-base-1.2.9.8-1.el6
Doc Type: Enhancement
Doc Text:
Clone Of: 728592
Environment:
Last Closed: 2011-12-06 17:56:09 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2011:1711 0 normal SHIPPED_LIVE 389-ds-base bug fix and enhancement update 2011-12-06 01:02:20 UTC

Description Rich Megginson 2011-08-25 17:37:44 UTC 
This was fixed after 1.2.9.6 so not included in the rebase, so it has been cloned.

+++ This bug was initially created as a clone of Bug #728592 +++

Description of problem:

389-ds is the heart of IPA and in order to renew any certificate it needs to be up and running. We therefore need an option in dse.ldif to allow 389-ds to launch even if its certificate is expired, understanding that proper SSL clients will not communicate with it.

This relates to IPA ticket https://fedorahosted.org/freeipa/ticket/1576

--- Additional comment from rmeggins on 2011-08-08 11:33:46 EDT ---

What is the severity?  What is the timeframe you need a solution by?
also see my comments in the ticket

--- Additional comment from nkinder on 2011-08-23 17:25:14 EDT ---

Created attachment 519524 [details]
Patch

--- Additional comment from nkinder on 2011-08-23 17:46:21 EDT ---

Pushed patch to master.  Thanks to Noriko and Rich for their reviews!

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   96663b0..971dded  master -> master

--- Additional comment from nkinder on 2011-08-23 17:50:40 EDT ---

Pushed patch to 389-ds-base-1.2.9 branch:

Counting objects: 21, done.
Delta compression using up to 2 threads.
Compressing objects: 100% (11/11), done.
Writing objects: 100% (11/11), 2.09 KiB, done.
Total 11 (delta 9), reused 0 (delta 0)
To ssh://git.fedorahosted.org/git/389/ds.git
   c0b0ef8..5ff4af3  129-local -> 389-ds-base-1.2.9
Comment 2 Amita Sharma 2011-10-13 09:42:48 UTC 
Bug test is automated under SSL test suit and test cases are passing hence marking as VERIFIED.
Comment 3 errata-xmlrpc 2011-12-06 17:56:09 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2011-1711.html
Note You need to log in before you can comment on or make changes to this bug.