Issue #284: Update certmonger to use the IPA-based request, check, approve, retrieve workflow - certmonger

certmonger

#284 Update certmonger to use the IPA-based request, check, approve, retrieve workflow

Opened Nov 27, 2024 by rcritten. Modified Nov 27, 2024

certmonger currently communicates directly with the PKI XML API when renewing CA/KRA subsystem certificates.

This code needs to be replaced/augmented to use the IPA JSON API equivalents.

This will allow certmonger to be somewhat more agnostic when it comes to IPA.

A bootstrap is still needed to do the initial IPA CA installation because currently IPA at this point in an installation is not yet configured enough to provide its API.

The ultimate goal of this is to make IPA, and therefore certmonger, independent of the API(s) provided by PKI.

rcritten commented Nov 27, 2024

This needs to be paired with https://pagure.io/freeipa/issue/9704 which will provide the approve workflow necessary.

rcritten commented Nov 27, 2024

Current progress saved in branch https://pagure.io/fork/rcritten/certmonger/tree/issue_284

Metadata

Assignee

rcritten

Tags

None

Blocking

None

Depending on

None

Priority

None

Related Pull Requests

#296

Static archive. pagure.io was sunset in 2026; this is a read-only snapshot.

Fedora is sponsored by Red Hat. Learn more about the relationship between Red Hat and Fedora »

certmonger

#284 Update certmonger to use the IPA-based request, check, approve, retrieve workflow Opened Nov 27, 2024 by rcritten. Modified Nov 27, 2024

Metadata

Related Pull Requests

#284 Update certmonger to use the IPA-based request, check, approve, retrieve workflow

Opened Nov 27, 2024 by rcritten. Modified Nov 27, 2024