Hi,

Dne 14.1.2015 v 14:54 Brian Topping napsal(a):
Hi Martin, thanks for your response!

What I realize now is the certificate CRL points to the server that
no longer exists and I'd like to get that cleaned up. I found
http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master 
<http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>,
is that relevant for my situation?

Yes, this is the procedure to follow for servers older than FreeIPA
4.1. Jan is
that correct? If yes, the page deserves a warning/update.

This is the procedure to follow on IPA < 4.0. On IPA >= 4.0, the information about renewal master is stored in LDAP, but you still have to handle CRL master manually.



Ooof! I forgot that vendor repos were so far behind. I'm still at 3.3.3-28.

Is it reasonable and desirable to run one of my two servers with the
image documented at
http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos?  I'm
interested in integrating Shiro or some other RBAC against IPA at some
point in the next few months, but I'd wait if the Docker image is a
prelude to 4.x hitting vendor repos soon.

Cheers, Brian

Honza

--
Jan Cholasta

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to