[Freeipa-devel] [PATCH] 1033 renew CA subsystem certificates
Andrew Wnuk
awnuk at redhat.com
Mon Jul 16 20:51:06 UTC 2012
On 07/16/2012 01:35 PM, Rob Crittenden wrote:
> Nalin Dahyabhai wrote:
>> On Mon, Jul 16, 2012 at 09:23:24AM -0400, Rob Crittenden wrote:
>>> Use the new certmonger capability to be able to renew the dogtag
>>> subsystem certificates (audit, OCSP, etc).
>>
>> Are the copies of the certificates in the pki-ca CS.cfg file being
>> updated elsewhere? Or is it not turning out to be a problem if they
>> aren't?
>
> I didn't test validating OCSP signatures but the audit subsystem
> seemed fine (it complained wildly when I had the wrong trust in the
> NSS db).
>
> Andrew, do I need to update CS.cfg as well?
>
Yes, you may need update CS.cfg too.
Andrew
More information about the Freeipa-devel
mailing list