On Fri, Aug 09, 2019 at 11:06:58PM -0000, Boyd Ako via FreeIPA-users wrote:
> This involves the `ipa-server-certinstall` command.
> 
> 1) If I used the option to install P12 for dirsrv, will dirsrv be doing 
> OCSP validation? If so, is there a way for me to disable OCSP validation?
> 
Do you mean, does it perform OCSP validation of the server
certificate?  (No, I don't think it does.)

If you are talking about client certificates, I'm not sure and I
can't find any documentation about it.  I defer to DS folks for a
definitive answer.

> 2) Is there any documentation or information on what kind of cert the DIRSRV 
> service needs?
> 
It will need a Subject Alternative Name (SAN) extension with the
correct DNS name for the server, and Extended Key Usage with
id-kp-serverAuth (1.3.6.1.5.5.7.3.1).

Cheers,
Fraser
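
A pre-install check for the two requirements named in the reply above (a SAN dNSName for the server and EKU id-kp-serverAuth), as an added example that is not part of the original message or of FreeIPA. It assumes the certificate has already been exported from the P12 to PEM; the function names and the test hostname are hypothetical, and the second helper only builds a throwaway constructed certificate to try the check on.

```shell
#!/bin/sh
# check_dirsrv_cert CERT_PEM HOSTNAME  (hypothetical helper, added example)
# Returns 0 if both requirements hold, 1 if one is missing, 2 if unreadable.
check_dirsrv_cert() {
    cert=$1
    host=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "cannot parse certificate: $cert" >&2; return 2; }
    rc=0
    # Each extension's value is printed on the line after its name.
    san=$(printf '%s\n' "$text" |
        awk '/X509v3 Subject Alternative Name/ { getline; print; exit }')
    eku=$(printf '%s\n' "$text" |
        awk '/X509v3 Extended Key Usage/ { getline; print; exit }')
    # Exact, case-insensitive match on a dNSName entry (no wildcard handling).
    if ! printf '%s\n' "$san" | tr ',' '\n' | tr 'A-Z' 'a-z' |
            sed 's/^[[:space:]]*//; s/[[:space:]]*$//' |
            grep -qxF "dns:$host"; then
        echo "SAN has no DNS entry for $host" >&2; rc=1
    fi
    # OpenSSL prints id-kp-serverAuth (1.3.6.1.5.5.7.3.1) under this name.
    case $eku in
        *"TLS Web Server Authentication"*) ;;
        *) echo "EKU lacks id-kp-serverAuth" >&2; rc=1 ;;
    esac
    return $rc
}

# make_constructed_cert OUT_PEM SAN_DNS EKU
# Writes a throwaway self-signed certificate, for trying the check offline.
make_constructed_cert() {
    cnf=$(mktemp)
    cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = ext
prompt = no
[dn]
CN = constructed-test-cert
[ext]
subjectAltName = DNS:$2
extendedKeyUsage = $3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$cnf" \
        -keyout "$1.key" -out "$1" 2>/dev/null
    st=$?; rm -f "$cnf"; return $st
}
```

Run `check_dirsrv_cert server.pem "$(hostname -f)"` before handing the P12 to `ipa-server-certinstall`; the reason for any failure is printed on stderr.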