Loading...

Linking RHIVOS CVEs to...

Migration: Automation ...

SWIFT: POC Conversion

Sync from "Extern...

XML

Word

Printable

Type: Story
Resolution: Done-Errata
Priority: Critical
Fix Version/s: rhel-10.0
Affects Version/s: None
Component/s: ipa
Labels:
- commit
- fixed_upstream

Fixed in Build:
ipa-4.12.2-8.el10
Severity:
None
Epic Link:
FREEIPA-11600
sprint_count:
6

AssignedTeam:
rhel-idm-ipa
Sub-System Group:

ssg_idm

Dev Target Milestone:
16
Internal Target Milestone:
14
Story Points:
3
ACKs Check:

QE ack, Dev ack
Target Version:

rhel-10.0
Blocked:
False
Ready:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
Yes
Sprint:
2024-Q3-Bravo-S6, 2024-Q4-Bravo-S1, 2024-Q4-Bravo-S2, 2024-Q4-Bravo-S3, 2024-Q4-Bravo-S4, 2024-Q4-Bravo-S5
Release Blocker:
Approved Exception

Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/139322
Test Coverage:

Automated

Release Note Type:
Enhancement
Release Note Text:

Hide
.Automated removal of expired certificates is enabled by default

With this update, automated removal of expired certificates is now enabled by default in Identity Management (IdM) on new replicas. A prerequisite for this is the generation of random serial numbers for certificates using RSNv3, which is now also enabled by default.

As a result, certificates are now created with random serial numbers and are removed automatically when expired, after a default retention period of 30 days after expiry.

Show
.Automated removal of expired certificates is enabled by default With this update, automated removal of expired certificates is now enabled by default in Identity Management (IdM) on new replicas. A prerequisite for this is the generation of random serial numbers for certificates using RSNv3, which is now also enabled by default. As a result, certificates are now created with random serial numbers and are removed automatically when expired, after a default retention period of 30 days after expiry.
Release Note Status:
Done

Experience:

PX Review Complete:
SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Goal

Enable RSN and enable cert pruning by default in RHEL10
Allow/force the replica to install with RSN as well

Acceptance Criteria

A list of verification conditions, successful functional tests, or expected outcomes in order to declare this story/task successfully completed.

IdM in RHEL10.0-beta uses/forces RSN as default
Migration procedure from RHEL9 to RHEL10 exists

is blocked by

RHEL-60787 VLV errors in Fedora 40 with RSNv3 and pruning enabled

Closed

links to

freeipa pagure 9706

RHBA-2024:139322 ipa bug fix and enhancement update

Test Requirement (IDM-304191)

Upstream issue https://pagure.io/freeipa/issue/9661

Assignee:: Rob Crittenden

Reporter:: Francisco Trivino Garcia

Developer:: Florence Renaud

QA Contact:: Rizwan Shaikh

Doc Contact:: David Vozenilek

Votes:: 0 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2024/09/05 12:38 PM

Updated:: 2025/05/13 11:04 AM

Resolved:: 2025/05/13 11:04 AM

Dev Target end:: 2024/12/09

Target end:: 2024/11/25

Next Planned Release Date:: 2025/05/13

Release Date:: 2025/05/13