[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Pki-devel] Fwd: Re: [pki-devel][PATCH]






-------- Forwarded Message --------
Subject: Re: [Pki-devel] [pki-devel][PATCH]
Date: Mon, 06 Jul 2015 15:35:27 -0600
From: Matthew Harmsen <mharmsen redhat com>
To: John Magne <jmagne redhat com>


On 07/06/15 15:13, John Magne wrote:
Omit OCSP from clone description.

Ticket #1358.
Also note that OCSP cloning is unsupported as of now.


_______________________________________________
Pki-devel mailing list
Pki-devel redhat com
https://www.redhat.com/mailman/listinfo/pki-devel
ACK (removed trailing white space and extraneous comma)


From 246429a9f9d48e51c31df70cd5a8c091ee9e3da7 Mon Sep 17 00:00:00 2001
From: Jack Magne <jmagne localhost localdomain>
Date: Mon, 6 Jul 2015 14:05:57 -0700
Subject: [PATCH] Omit OCSP from clone description.

Ticket #1358.
Also note that OCSP cloning is unsupported as of now.
---
 base/server/man/man8/pkispawn.8 | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/base/server/man/man8/pkispawn.8 b/base/server/man/man8/pkispawn.8
index 33c36e3..4967564 100644
--- a/base/server/man/man8/pkispawn.8
+++ b/base/server/man/man8/pkispawn.8
@@ -277,10 +277,10 @@ A cloned CA is a CA which uses the same signing, OCSP signing, and audit signing
 .PP
 Before the clone can be generated, the Directory Server must be created that is separate from the master CA's Directory Server.  The example assumes that the master CA and cloned CA are on different machines, and that their Directory Servers are on port 389.  In addition, the master's system certs and keys have been stored in a PKCS #12 file that is copied over to the clone subsystem in the location specified in <path_to_pkcs12_file>.  This file is created when the master CA is installed; it can also be generated using \fBPKCS12Export\fP.  The file needs to be readable by the user the Certificate Server runs as (by default, pkiuser) and be given the SELinux context pki_tomcat_cert_t.
 .PP
-.SS Installing a KRA, OCSP, or TKS clone
+.SS Installing a KRA or TKS clone (OCSP unsupported as of now)
 \x'-1'\fBpkispawn \-s <subsystem> \-f myconfig.txt\fR
 .PP
-where subsystem is KRA, OCSP, or TKS, and \fImyconfig.txt\fP contains the following text:
+where subsystem is KRA or TKS, and \fImyconfig.txt\fP contains the following text:
 .IP
 .nf
 [DEFAULT]
@@ -302,9 +302,9 @@ pki_clone_uri=https://<master_kra_host>:<master_kra_https_port>
 pki_issuing_ca=https://<ca_hostname>:<ca_https_port>
 .fi
 .PP
-As with a CA clone, a KRA, OCSP, or TKS clone uses the same certificates and basic configuration as the original subsystem. The configuration points to the original subsystem to copy its configuration. This example also assumes that the CA is on a remote machine and specifies the CA and security domain information. 
+As with a CA clone, a KRA or TKS clone uses the same certificates and basic configuration as the original subsystem. The configuration points to the original subsystem to copy its configuration. This example also assumes that the CA is on a remote machine and specifies the CA and security domain information.
 .PP
-The subsystem section is [KRA], [OCSP], or [TKS].
+The subsystem section is [KRA] or [TKS].
 .SS Installing a subordinate CA
 \x'-1'\fBpkispawn \-s CA \-f myconfig.txt\fR
 .PP
-- 
2.1.0


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]