[Freeipa-users] CA cert issues
Orion Poplawski
orion at cora.nwra.com
Thu Jan 17 20:48:46 UTC 2013
On 01/17/2013 12:54 PM, Rob Crittenden wrote:
> Orion Poplawski wrote:
>>
>> It seems like a most of the problems would be alleviated if instead of
>> wiping out the old NSS dbs, it simply added the new certs. I don't know
>> if there are any other security implications of this or not.
>
> Yes, that is probably true. I think the reasoning was we didn't know what was
> in the database already so starting over seemed safer.
Filed https://fedorahosted.org/freeipa/ticket/3363
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list