yet another certificate authority question.

We have a centos 6.5 ipa environment with two domain controllers
(kdc01, kdc02). The first one is the first replica and maintains the
crl (or so it should).

Recently our monitoring warned us that the web host certificate for
kdc01 was about to expire. And it auto-renewed this weeked, with was

But if I go to the crl url (http://kdc01.domain.tld/ipa.crl ) all the
files I see are very old (the MasterCRL.bin file is dated 28 june
2013), and on the kdc02 it is newer (July 2 2013).

Am I looking at the wrong urls? How can I check that the crl is ok?

Thanks in advance for your tips.

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to