[Freeipa-devel] [PATCH] 340 Add OCSP and CRL URIs to certificates
Martin Kosek
mkosek at redhat.com
Thu Dec 6 15:48:15 UTC 2012
On 12/06/2012 04:45 PM, Martin Kosek wrote:
> Modify the default IPA CA certificate profile to include CRL and
> OCSP extensions which will add URIs to IPA CRL&OCSP to published
> certificates.
>
> Both CRL and OCSP extensions have 2 URIs, one pointing directly to
> the IPA CA which published the certificate and one to a new CNAME
> ipa-ca.$DOMAIN which was introduced as a general CNAME pointing
> to all IPA replicas which have CA configured.
>
> The new CNAME is added either during new IPA server/replica/CA
> installation or during upgrade.
>
> https://fedorahosted.org/freeipa/ticket/3074
> https://fedorahosted.org/freeipa/ticket/1431
>
> ----
>
> This patch originates in Rob's WIP OCSP patch, which I had to rewrite to make
> things working as we want to :-)
>
> Martin
>
I knew the subject is wrong the moment I clicked the Send button... Sending a
fixed patch.
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-340-add-ocsp-and-crl-uris-to-certificates.patch
Type: text/x-patch
Size: 30477 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121206/1909a153/attachment.bin>
More information about the Freeipa-devel
mailing list