[Freeipa-devel] [freeipa PR#355][comment] Set up DS TLS on replica in CA-less topology
jcholast
freeipa-github-notification at redhat.com
Thu Dec 22 08:00:53 UTC 2016
URL: https://github.com/freeipa/freeipa/pull/355
Title: #355: Set up DS TLS on replica in CA-less topology
jcholast commented:
"""
@mbasti-rh, `ipa-certupdate` has to be run on *all* systems in the domain after installing a CA. How do you propose we do that from `ipa-ca-install`? Anyway, the behavior @tomaskrizek is observing happens if you don't run `ipa-certupdate` *before* `ipa-ca-install` *on replica* and is caused by `ipa-ca-install` using local files rather than LDAP when looking for CA certificates.
"""
See the full comment at https://github.com/freeipa/freeipa/pull/355#issuecomment-268741247
More information about the Freeipa-devel
mailing list