On 8/3/2016 7:39 PM, Endi Sukma Dewata wrote: > To fix cloning issue in IPA the security_database.py has been > modified to import all certificates and keys in the PKCS #12 file > before the PKI server is started. Since the PKCS #12 generated by > IPA may not contain the certificate trust flags, the script will > also reset the trust flags on the imported certificates (i.e. > CT,C,C for CA certificate and u,u,Pu for audit certificate). > > https://fedorahosted.org/pki/ticket/2424 Patch #808 has been updated to add pkcs12.show_certs() and nssdb.show_certs(). Patch #809 has been rebased.