[Freeipa-users] mastercrl.bin very old

Natxo Asenjo natxo.asenjo at gmail.com
Mon Oct 13 14:27:44 UTC 2014


yet another certificate authority question.

We have a centos 6.5 ipa environment with two domain controllers
(kdc01, kdc02). The first one is the first replica and maintains the
crl (or so it should).

Recently our monitoring warned us that the web host certificate for
kdc01 was about to expire. And it auto-renewed this weeked, with was

But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all the
files I see are very old (the MasterCRL.bin file is dated 28 june
2013), and on the kdc02 it is newer (July 2 2013).

Am I looking at the wrong urls? How can I check that the crl is ok?

Thanks in advance for your tips.

More information about the Freeipa-users mailing list