On 07/16/2012 01:35 PM, Rob Crittenden wrote:
Nalin Dahyabhai wrote:
On Mon, Jul 16, 2012 at 09:23:24AM -0400, Rob Crittenden wrote:
Use the new certmonger capability to be able to renew the dogtag
subsystem certificates (audit, OCSP, etc).


Are the copies of the certificates in the pki-ca CS.cfg file being
updated elsewhere?  Or is it not turning out to be a problem if they
aren't?

I didn't test validating OCSP signatures but the audit subsystem seemed fine (it complained wildly when I had the wrong trust in the NSS db).

Andrew, do I need to update CS.cfg as well?

Yes, you may need update CS.cfg too.

Andrew

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to