Hi Martin, thanks for your response! 

>> What I realize now is the certificate CRL points to the server that no 
>> longer exists and I'd like to get that cleaned up. I found 
>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master 
>> <http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>, is 
>> that relevant for my situation?
> Yes, this is the procedure to follow for servers older than FreeIPA 4.1. Jan 
> is
> that correct? If yes, the page deserves a warning/update.

Ooof! I forgot that vendor repos were so far behind. I'm still at 3.3.3-28. 

Is it reasonable and desirable to run one of my two servers with the image 
documented at http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos 
<http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos>?  I'm interested in 
integrating Shiro or some other RBAC against IPA at some point in the next few 
months, but I'd wait if the Docker image is a prelude to 4.x hitting vendor 
repos soon.

Cheers, Brian
Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to