On 09/20/2012 11:58 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> The CA audit certificate is initially valid for two years but its
>> profile has it renewing at six months. This bumps the value up to two
>> years to match the other certificates.
>>
>> This relies on Petr's and Ade's dogtag 10 patches.
> 
> Updated patch. The value of 
> policyset.caLogSigningSet.2.constraint.params.range
> needs to be bumped to 720 as well.
> 
> rob
> 

1) I do not see the updated patch with the described change

2) Patch needs a rebase

3) In upgrade_ipa_profile function, please rather adopt the concept of
restarting the CA just once ("ca_restart" variable), at the end of the
ipa-upgraceconfig. With your change, CA would be restarted at least twice -
once for audit cert renewal update and then for CRL location change.

Otherwise it works OK - profile is updated.

Martin

_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel

Reply via email to