On 11/04/2014 01:39 PM, Natxo Asenjo wrote: > hi, > > On Mon, Nov 3, 2014 at 5:21 PM, Rob Crittenden <rcrit...@redhat.com> wrote: >> Natxo Asenjo wrote: > >>> How often does the crl list get generated? i still do not see recent data. >> >> This is controlled by ca.crl.MasterCRL.autoUpdateInterval which by >> default is 240, so every 4 hours. > > mmm, still no new items in the https://kdc01.sub.domain.tld/ipa/crl/ > site. Everything is stuck on june 28 2013.
I would check PKI system logs and also look for any AVCs. There were SELinux policy related bugs in the past which prevented creation of the CRLs in /var/lib/ipa/pki-ca/publish/. Martin -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project