Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-113257

rebase certmonger in RHEL 10.2 for PKI API

Linking RHIVOS CVEs to...Migration: Automation ...SWIFT: POC ConversionSync from "Extern...XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Normal Normal
    • rhel-10.2
    • rhel-10.2
    • certmonger
    • None
    • certmonger-0.79.21-1.el10
    • No
    • Important
    • 1
    • rhel-idm-pki
    • 3
    • False
    • Hide

      The compose is broken. https://issues.redhat.com/browse/ENGCMP-5734

      2025-10-02T13:35:08 Depsolve Error occurred:
      2025-10-02T13:35:08 Problem: package iptables-nft-1.8.11-11.el10.x86_64 from test-appstream-compose requires kernel-modules-extra-matched, but none of the providers can be installed
      2025-10-02T13:35:08 - package python3-ipatests-4.12.2-25.el10.noarch from test-crb-compose requires iptables, but none of the providers can be installed
      2025-10-02T13:35:08 - package kernel-6.12.0-135.el10.x86_64 from @System requires (kernel-modules-extra-uname-r = 6.12.0-135.el10.x86_64 if kernel-modules-extra-matched), but none of the providers can be installed
      2025-10-02T13:35:08 - cannot install the best candidate for the job
      2025-10-02T13:35:08 - problem with installed package kernel-6.12.0-135.el10.x86_64
      2025-10-02T13:35:08 rc: 1
      2025-10-02T13:35:08 results: []

      Show
      The compose is broken. https://issues.redhat.com/browse/ENGCMP-5734 2025-10-02T13:35:08 Depsolve Error occurred: 2025-10-02T13:35:08 Problem: package iptables-nft-1.8.11-11.el10.x86_64 from test-appstream-compose requires kernel-modules-extra-matched, but none of the providers can be installed 2025-10-02T13:35:08 - package python3-ipatests-4.12.2-25.el10.noarch from test-crb-compose requires iptables, but none of the providers can be installed 2025-10-02T13:35:08 - package kernel-6.12.0-135.el10.x86_64 from @System requires (kernel-modules-extra-uname-r = 6.12.0-135.el10.x86_64 if kernel-modules-extra-matched), but none of the providers can be installed 2025-10-02T13:35:08 - cannot install the best candidate for the job 2025-10-02T13:35:08 - problem with installed package kernel-6.12.0-135.el10.x86_64 2025-10-02T13:35:08 rc: 1 2025-10-02T13:35:08 results: []
    • No
    • PKI: RHELs for 10.2 and 9.8
    • Requested
    • None
    • Unspecified Release Note Type - Unknown
    • Unspecified
    • Unspecified
    • Unspecified
    • None

      certmonger was updated to optionally direct all certificate requests via the IPA API rather than directly to the CA using a mix of its XML and REST APIs.

      This was done to reduce the complexity of the communication API and centralize it within IPA. A new json-uri option was added which indicates that communication will go through IPA.

      The XML API is still the default for the CA subsystem certificates so this will have no impact on existing users. Once the IPA work is complete it will be configured to use the json-uri option and funnel requests through its own API.

      This work is merged into upstream certmonger and will need to be pulled into RHEL for the IPA-PKI API work to be completed.

              rhn-engineering-rcrit Rob Crittenden
              rhn-engineering-rcrit Rob Crittenden
              Rob Crittenden Rob Crittenden
              Sumedh Sidhaye Sumedh Sidhaye
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated: