On 09/20/2012 11:58 PM, Rob Crittenden wrote:
> Rob Crittenden wrote:
>> The CA audit certificate is initially valid for two years but its
>> profile has it renewing at six months. This bumps the value up to two
>> years to match the other certificates.
>> This relies on Petr's and Ade's dogtag 10 patches.
> Updated patch. The value of
> needs to be bumped to 720 as well.
1) I do not see the updated patch with the described change
2) Patch needs a rebase
3) In upgrade_ipa_profile function, please rather adopt the concept of
restarting the CA just once ("ca_restart" variable), at the end of the
ipa-upgraceconfig. With your change, CA would be restarted at least twice -
once for audit cert renewal update and then for CRL location change.
Otherwise it works OK - profile is updated.
Freeipa-devel mailing list