The attached patch fixes
https://fedorahosted.org/freeipa/ticket/6020
Thanks,
Fraser
From 15cca8e108c6d47a647cbc1dc647dcecbf334b9d Mon Sep 17 00:00:00 2001
From: Fraser Tweedale
Date: Mon, 4 Jul 2016 13:05:28 +1000
Subject: [PATCH] uninstall: untrack lightweight CA certs
Fixes: https://fedorahosted.org/freeipa/ticket/6020
---
ipaserver/install/cainstance.py | 6 ++
1 file changed, 6 insertions(+)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index
5e3e8c7f9a1845b82d23de589f804aa065387b38..070498fe8a394802ea55f848a268e2b6563ec472
100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -1127,6 +1127,12 @@ class CAInstance(DogtagInstance):
"""
super(CAInstance, self).stop_tracking_certificates(False)
+# stop tracking lightweight CA signing certs
+for request_id in certmonger.get_requests_for_dir(self.nss_db):
+nickname = certmonger.get_request_value(request_id, 'key-nickname')
+if nickname.startswith('caSigningCert cert-pki-ca '):
+certmonger.stop_tracking(self.nss_db, nickname=nickname)
+
try:
certmonger.stop_tracking(paths.HTTPD_ALIAS_DIR, nickname='ipaCert')
except RuntimeError as e:
--
2.5.5
--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code