URL: https://github.com/freeipa/freeipa/pull/355
Title: #355: Set up DS TLS on replica in CA-less topology

jcholast commented:
"""
@mbasti-rh, `ipa-certupdate` has to be run on *all* systems in the domain after 
installing a CA. How do you propose we do that from `ipa-ca-install`? Anyway, 
the behavior @tomaskrizek is observing happens if you don't run 
`ipa-certupdate` *before* `ipa-ca-install` *on replica* and is caused by 
`ipa-ca-install` using local files rather than LDAP when looking for CA 
certificates.
"""

See the full comment at 
https://github.com/freeipa/freeipa/pull/355#issuecomment-268741247
-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to