[Freeipa-users] OCSP and CRL in certs for java firefox plugin
Prasun Gera
prasun.gera at gmail.com
Fri May 27 23:03:24 UTC 2016
I've set up a couple of dell idrac card's ssl certs signed by ipa CA. I've
also added the ipa CA to java's trusted CAs. However, when you try to
launch the idrac java console, it will still show an error that the site is
untrusted. Upon clicking on "more information", the message says that
although the cert is signed by the CA, it cannot verify the revocation
status. I found this page
http://www.freeipa.org/page/V3/Single_OCSP_and_CRL_in_certs , which
explains potential problems with this since the main ipa server itself is
also using an ssl cert signed by the ipa CA. So the client cannot verify
the revocation if it can't reach the CA. Is there any solution to this ?
Anyone tried this with idrac cards ?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20160527/401eb0a0/attachment.htm>
More information about the Freeipa-users
mailing list