Hi,
the attached patch fixes https://fedorahosted.org/freeipa/ticket/4717.
Honza
--
Jan Cholasta
From 871217e002b8a2ee4f58c42977ac680a5305de1a Mon Sep 17 00:00:00 2001
From: Jan Cholasta jchol...@redhat.com
Date: Tue, 18 Nov 2014 14:01:59 +
Subject: [PATCH] Fix wrong expiration date on renewed IPA CA certificates
The expiration date was always set to the expiration date of the original
certificate.
https://fedorahosted.org/freeipa/ticket/4717
---
freeipa.spec.in | 4 ++--
install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 ++
2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/freeipa.spec.in b/freeipa.spec.in
index af36703..b464189 100644
--- a/freeipa.spec.in
+++ b/freeipa.spec.in
@@ -140,7 +140,7 @@ Requires: python-dns = 1.11.1
Requires: zip
Requires: policycoreutils = 2.1.12-5
Requires: tar
-Requires(pre): certmonger = 0.75.13
+Requires(pre): certmonger = 0.76.8
Requires(pre): 389-ds-base = 1.3.3.5
Requires: fontawesome-fonts
Requires: open-sans-fonts
@@ -227,7 +227,7 @@ Requires: wget
Requires: libcurl = 7.21.7-2
Requires: xmlrpc-c = 1.27.4
Requires: sssd = 1.12.2
-Requires: certmonger = 0.75.6
+Requires: certmonger = 0.76.8
Requires: nss-tools
Requires: bind-utils
Requires: oddjob-mkhomedir
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index e5ad963..0a2cff1 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -146,6 +146,8 @@ def request_cert():
path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT
args = [path] + sys.argv[1:]
+if os.environ.get('CERTMONGER_CA_PROFILE') == 'caCACert':
+args += ['-O', 'bypassCAnotafter=true']
stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ)
sys.stderr.write(stderr)
sys.stderr.flush()
--
2.1.0
___
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel