diff options
author | Jan Cholasta <jcholast@redhat.com> | 2014-11-18 14:01:59 +0000 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2014-11-19 14:25:26 +0000 |
commit | 52b141ca6a257b8f12d9ad2ade812ec1bfebf0d7 (patch) | |
tree | 370ff8e0f28a77a9ee4681c5b1e801782913baee /install | |
parent | 310e46452c41223afa0b1b318c503574567df105 (diff) | |
download | freeipa-52b141ca6a257b8f12d9ad2ade812ec1bfebf0d7.tar.gz freeipa-52b141ca6a257b8f12d9ad2ade812ec1bfebf0d7.tar.xz freeipa-52b141ca6a257b8f12d9ad2ade812ec1bfebf0d7.zip |
Fix wrong expiration date on renewed IPA CA certificates
The expiration date was always set to the expiration date of the original
certificate.
https://fedorahosted.org/freeipa/ticket/4717
Reviewed-By: David Kupka <dkupka@redhat.com>
Diffstat (limited to 'install')
-rwxr-xr-x | install/certmonger/dogtag-ipa-ca-renew-agent-submit | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit index e5ad9639b..0a2cff148 100755 --- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit +++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit @@ -146,6 +146,8 @@ def request_cert(): path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT args = [path] + sys.argv[1:] + if os.environ.get('CERTMONGER_CA_PROFILE') == 'caCACert': + args += ['-O', 'bypassCAnotafter=true'] stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ) sys.stderr.write(stderr) sys.stderr.flush() |