On to, 31 tammi 2019, Natxo Asenjo via FreeIPA-users wrote:
hi,
at work I am testing using a light sub-ca with openvpn to limit the scope
of hosts that can auto request a certificate.
So far so good, really impressed with how well it works.
The question I cannot answer is: are there specific urls for crl/ocsp for
sub-cas, or do the 'generic' crl/ocsp url apply to sub-cas as well?
There is no CRL support for subCAs. OCSP should work just fine.
See https://bugzilla.redhat.com/show_bug.cgi?id=1478394 for details.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
