On 04/08/2013 08:42 AM, Martin Kosek wrote:
> On 04/08/2013 10:48 AM, Jan Cholasta wrote:
>> On 8.4.2013 10:47, Jan Cholasta wrote:
>>> this patch fixes <https://fedorahosted.org/freeipa/ticket/3552>.
>> Re-sending with correct subject.
> I tested the change both for upgrades and for fresh installs and it worked
> both cases, even when testing with Firefox enforcing mode.
> So far, as the biggest issue in current process I see NSS not being able to
> fallback to other defined OCSP responder (I tested with Firefox 20). This way,
> Firefox will fail validating the FreeIPA site when the first tested OCSP
> responder is not available (e.g. the original IPA CA signing the http cert, or
> an `ipa-ca.$domain` host that is currently not up).
Have we filed a ticket with FF?
> Freeipa-devel mailing list
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
Looking to carve out IT costs?
Freeipa-devel mailing list