Lucas Yamanishi wrote:

What's the best way to verify _everything will be OK_ after completing
the steps in section 16.8 of the Guide?

Also, why is it necessary to add the* entries when they did
not exist in the previous master?  The Guide is a little unclear on that.

I'm assuming you're using a dogtag CA?

For dogtag only one of the masters generates the CRL. All these modifications do is change the server on which the CRL is generated.

To test this you'd just want to add the entries to one, remove from the previous master and restart both. Then watch the promoted master's debug log to ensure that it is regenerating the CRL on schedule.


Freeipa-users mailing list

Reply via email to