[SERVER-2465] Detect correct signing cert/crl by other means than order in respective files - Puppet Tickets

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Normal
Resolution: Done
Affects Version/s: None
Fix Version/s: SERVER 6.0.5, SERVER 6.3.1, SERVER 6.5.0
Component/s: None
Labels:
- resolved-issue-added

Epic Link:
Improve CA Import
Team:
Froyo

Release Notes:
Enhancement
Release Notes Summary:
Cert and CRL bundles now no longer need to be in any specific order. By default, the leaf instances will still come first, descending to the root, which will be last.

QA Risk Assessment:
Needs Assessment

Description

We currently require cert and crl chains to be in a pem file with the signing cert/crl listed first. We should instead read in all certs/crls and determine signing cert/crl by another rubric (privatekey, issuer, or ca_name...) and then write the file back out in the same order we read them from disk.

Attachments

Issue Links

relates to

SERVER-2552 The puppetserver ca import command should initialize a CRL for the intermediate CA

Resolved

Activity

People

Assignee:: Patrick Carlisle

Reporter:: Justin Stoller

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2019/02/15 12:31 PM

Updated:: 2019/07/15 11:11 AM

Resolved:: 2019/07/12 9:04 AM