The replication between dogtag servers wasn't using TLS or SSL. This uses a new option to pkisilent to create replication agreements that use TLS.

The SSL cert we will use is the same as the main 389-ds instance via symbolic link.

I tested with --selfsign, with dogtag and with dogtag signed by an external CA.

ticket 1060


Attachment: freeipa-rcrit-751-replication.patch
Description: application/mbox

Freeipa-devel mailing list

Reply via email to