[Freeipa-devel] [PATCH] 1055 update audit cert renewal time
Rob Crittenden
rcritten at redhat.com
Tue Oct 9 15:29:20 UTC 2012
Martin Kosek wrote:
> On 09/20/2012 11:58 PM, Rob Crittenden wrote:
>> Rob Crittenden wrote:
>>> The CA audit certificate is initially valid for two years but its
>>> profile has it renewing at six months. This bumps the value up to two
>>> years to match the other certificates.
>>>
>>> This relies on Petr's and Ade's dogtag 10 patches.
>>
>> Updated patch. The value of policyset.caLogSigningSet.2.constraint.params.range
>> needs to be bumped to 720 as well.
>>
>> rob
>>
>
> 1) I do not see the updated patch with the described change
>
> 2) Patch needs a rebase
>
> 3) In upgrade_ipa_profile function, please rather adopt the concept of
> restarting the CA just once ("ca_restart" variable), at the end of the
> ipa-upgraceconfig. With your change, CA would be restarted at least twice -
> once for audit cert renewal update and then for CRL location change.
>
> Otherwise it works OK - profile is updated.
>
> Martin
>
done
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-rcrit-1055-3-auditrenewal.patch
Type: text/x-diff
Size: 5913 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121009/cde06b8c/attachment.bin>
More information about the Freeipa-devel
mailing list