Hide Forgot
This bug is created as a clone of upstream ticket: https://fedorahosted.org/freeipa/ticket/1985 If the CA certificate is signed by an external CA, certmonger might not be able to automatically update it. In fact, this is likely to require a financial transaction. The CA should send an email to a preconfigured account prior to expiration. If the CA cert expires, it will be very painful for an IPA based system, as all of the client machines certificates will be invalid. hey need to be notified of the new CA cert early enough to avoid triggering invalidation , and to keep their certifactes valid for the currently stated lifespan.
Thank you taking your time and submitting this request for Red Hat Enterprise Linux. Unfortunately, this bug was not given priority and was deferred both in the upstream project and in Red Hat Enterprise Linux. Given that we are unable to fulfil this request in following Red Hat Enterprise Linux releases, I am closing the Bugzilla as WONTFIX. To request that Red Hat re-considers the decision, please re-open the Bugzilla via appropriate support channels and provide additional business and/or technical details about its importance to you. Note that you can still track this request or even contribute patches in the referred upstream Pagure ticket.