On 07/16/2012 01:35 PM, Rob Crittenden wrote:
Nalin Dahyabhai wrote:
On Mon, Jul 16, 2012 at 09:23:24AM -0400, Rob Crittenden wrote:
Use the new certmonger capability to be able to renew the dogtag
subsystem certificates (audit, OCSP, etc).

Are the copies of the certificates in the pki-ca CS.cfg file being
updated elsewhere?  Or is it not turning out to be a problem if they

I didn't test validating OCSP signatures but the audit subsystem seemed fine (it complained wildly when I had the wrong trust in the NSS db).

Andrew, do I need to update CS.cfg as well?

Yes, you may need update CS.cfg too.


Freeipa-devel mailing list

Reply via email to