[Freeipa-devel] [PATCH] 1059 single CRL generator

Rob Crittenden rcritten at redhat.com
Thu Oct 4 16:17:44 UTC 2012


This changes the way IPA generates CRLs for new installs only.

The first master installed is configured as the CRL generator. An entry 
is added to cn=masters that designates it.

When a replica is installed it queries this entry so it knows where to 
forward CRL requests. CRL files are not available on cloned CAs (so 
/ipa/crl will return not found). It is possible to get a CRL directly 
from the clone CA via 
http://<hostname>:9180/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=MasterCRL

rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1059-crl.patch
Type: text/x-diff
Size: 6022 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121004/e60e5fbb/attachment.bin>

