Fix wrong expiration date on renewed IPA CA certificates

The expiration date was always set to the expiration date of the original certificate. https://fedorahosted.org/freeipa/ticket/4717 Reviewed-By: David Kupka <dkupka@redhat.com>
author: Jan Cholasta <jcholast@redhat.com> 2014-11-18 14:01:59 +0000
committer: Jan Cholasta <jcholast@redhat.com> 2014-11-19 14:25:26 +0000
commit: 7aa855a37b1996588d7d2084176e38145b1587be (patch)
tree: 9c6408ab87860a2478b4edccd2e7aae2968f666a /install
parent: 38130c632bda27711407f5c74f26031da5b52ad6 (diff)
download: freeipa-7aa855a37b1996588d7d2084176e38145b1587be.tar.gz
freeipa-7aa855a37b1996588d7d2084176e38145b1587be.tar.xz
freeipa-7aa855a37b1996588d7d2084176e38145b1587be.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/install/certmonger/dogtag-ipa-ca-renew-agent-submit b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
index e5ad9639b..0a2cff148 100755
--- a/install/certmonger/dogtag-ipa-ca-renew-agent-submit
+++ b/install/certmonger/dogtag-ipa-ca-renew-agent-submit
@@ -146,6 +146,8 @@ def request_cert():
 
     path = paths.DOGTAG_IPA_RENEW_AGENT_SUBMIT
     args = [path] + sys.argv[1:]
+    if os.environ.get('CERTMONGER_CA_PROFILE') == 'caCACert':
+        args += ['-O', 'bypassCAnotafter=true']
     stdout, stderr, rc = ipautil.run(args, raiseonerr=False, env=os.environ)
     sys.stderr.write(stderr)
     sys.stderr.flush()
author	Jan Cholasta <jcholast@redhat.com>	2014-11-18 14:01:59 +0000
committer	Jan Cholasta <jcholast@redhat.com>	2014-11-19 14:25:26 +0000
commit	7aa855a37b1996588d7d2084176e38145b1587be (patch)
tree	9c6408ab87860a2478b4edccd2e7aae2968f666a /install
parent	38130c632bda27711407f5c74f26031da5b52ad6 (diff)
download	freeipa-7aa855a37b1996588d7d2084176e38145b1587be.tar.gz freeipa-7aa855a37b1996588d7d2084176e38145b1587be.tar.xz freeipa-7aa855a37b1996588d7d2084176e38145b1587be.zip