Lucas Yamanishi wrote:
Hi,

What's the best way to verify _everything will be OK_ after completing
the steps in section 16.8 of the Guide?

Also, why is it necessary to add the master.ca.* entries when they did
not exist in the previous master?  The Guide is a little unclear on that.

I'm assuming you're using a dogtag CA?

For dogtag only one of the masters generates the CRL. All these modifications do is change the server on which the CRL is generated.

To test this you'd just want to add the entries to one, remove from the previous master and restart both. Then watch the promoted master's debug log to ensure that it is regenerating the CRL on schedule.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to