URL: https://github.com/freeipa/freeipa/pull/1441
Author: amitkumar50
Title: #1441: Removing ipaCert Private key & certificate after ipa upgrade
Action: opened
PR body:
"""
`# yum install ipa-server -y {IPA 4.4}`
`# ipa-server-install`
`#yum update ipa-* -y`
`# ls -ltr /etc/httpd/alias`
Presently "-D" option only removes Cert.
**`certutil ... -D -n ipaCert`**
Using '-F' option to remove Private key and cert both
**`certutil ... -F -n ipaCert`**
Resolves: https://pagure.io/freeipa/issue/7329
"""
To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/1441/head:pr1441
git checkout pr1441
From ea0a788e04d55f5e709ae0fd61dd3176c956bfcc Mon Sep 17 00:00:00 2001
From: amitkuma <amitk...@redhat.com>
Date: Mon, 8 Jan 2018 17:22:01 +0530
Subject: [PATCH] Removing ipaCert Private key & certificate after ipa upgrade
# yum install ipa-server -y {IPA 4.4}
# ipa-server-install
# yum update ipa-* -y
# ls -ltr /etc/httpd/alias
Presently "-D" option only removes Cert.
certutil ... -D -n ipaCert
Using '-F' option to remove Private key and cert both
certutil ... -F -n ipaCert
Resolves: https://pagure.io/freeipa/issue/7329
---
ipapython/certdb.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ipapython/certdb.py b/ipapython/certdb.py
index 4b93e77d26..67a5d3be30 100644
--- a/ipapython/certdb.py
+++ b/ipapython/certdb.py
@@ -791,7 +791,7 @@ def add_cert(self, cert, nick, flags):
self.run_certutil(args, stdin=cert.public_bytes(x509.Encoding.PEM))
def delete_cert(self, nick):
- self.run_certutil(["-D", "-n", nick])
+ self.run_certutil(["-F", "-n", nick])
def verify_server_cert_validity(self, nickname, hostname):
"""Verify a certificate is valid for a SSL server with given hostname
_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
