On 09/20/2012 11:58 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> The CA audit certificate is initially valid for two years but its
>> profile has it renewing at six months. This bumps the value up to two
>> years to match the other certificates.
>> This relies on Petr's and Ade's dogtag 10 patches.
> Updated patch. The value of 
> policyset.caLogSigningSet.2.constraint.params.range
> needs to be bumped to 720 as well.
> rob

1) I do not see the updated patch with the described change

2) Patch needs a rebase

3) In upgrade_ipa_profile function, please rather adopt the concept of
restarting the CA just once ("ca_restart" variable), at the end of the
ipa-upgraceconfig. With your change, CA would be restarted at least twice -
once for audit cert renewal update and then for CRL location change.

Otherwise it works OK - profile is updated.


Freeipa-devel mailing list

Reply via email to