[Freeipa-users] mastercrl.bin very old
Martin Kosek
mkosek at redhat.com
Wed Nov 5 08:39:19 UTC 2014
On 11/04/2014 01:39 PM, Natxo Asenjo wrote:
> hi,
>
> On Mon, Nov 3, 2014 at 5:21 PM, Rob Crittenden <rcritten at redhat.com> wrote:
>> Natxo Asenjo wrote:
>
>>> How often does the crl list get generated? i still do not see recent data.
>>
>> This is controlled by ca.crl.MasterCRL.autoUpdateInterval which by
>> default is 240, so every 4 hours.
>
> mmm, still no new items in the https://kdc01.sub.domain.tld/ipa/crl/
> site. Everything is stuck on june 28 2013.
I would check PKI system logs and also look for any AVCs. There were SELinux
policy related bugs in the past which prevented creation of the CRLs in
/var/lib/ipa/pki-ca/publish/.
Martin
More information about the Freeipa-users
mailing list