Lucas Yamanishi wrote:
What's the best way to verify _everything will be OK_ after completing
the steps in section 16.8 of the Guide?
Also, why is it necessary to add the master.ca.* entries when they did
not exist in the previous master? The Guide is a little unclear on that.
I'm assuming you're using a dogtag CA?
For dogtag only one of the masters generates the CRL. All these
modifications do is change the server on which the CRL is generated.
To test this you'd just want to add the entries to one, remove from the
previous master and restart both. Then watch the promoted master's debug
log to ensure that it is regenerating the CRL on schedule.
Freeipa-users mailing list