Dne 15.1.2015 v 15:29 Bill Peck napsal(a):


On Thu, Jan 15, 2015 at 3:26 AM, Jan Cholasta <jchol...@redhat.com
<mailto:jchol...@redhat.com>> wrote:

    Hi,

    Dne 14.1.2015 v 14:54 Brian Topping napsal(a):

        Hi Martin, thanks for your response!

                What I realize now is the certificate CRL points to the
                server that
                no longer exists and I'd like to get that cleaned up. I
                found
                
http://www.freeipa.org/page/__Howto/Promote_CA_to_Renewal___and_CRL_Master
                
<http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>
                
<http://www.freeipa.org/page/__Howto/Promote_CA_to_Renewal___and_CRL_Master
                
<http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>>,
                is that relevant for my situation?


            Yes, this is the procedure to follow for servers older than
            FreeIPA
            4.1. Jan is
            that correct? If yes, the page deserves a warning/update.


    This is the procedure to follow on IPA < 4.0. On IPA >= 4.0, the
    information about renewal master is stored in LDAP, but you still
    have to handle CRL master manually.


I'm still not clear what needs to be done on IPA >= 4.0 when promoting a
new CRL master.  Can that page be updated to state these instructions
are for IPA < 4.0 and include the manual piece you mention for IPA >= 4.0?

Thanks

I have updated the page with information for current versions of IPA.





        Ooof! I forgot that vendor repos were so far behind. I'm still
        at 3.3.3-28.

        Is it reasonable and desirable to run one of my two servers with the
        image documented at
        http://seven.centos.org/2014/__12/freeipa-4-1-2-and-centos
        <http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos>?  I'm
        interested in integrating Shiro or some other RBAC against IPA
        at some
        point in the next few months, but I'd wait if the Docker image is a
        prelude to 4.x hitting vendor repos soon.

        Cheers, Brian


    Honza

    --
    Jan Cholasta


    --
    Manage your subscription for the Freeipa-users mailing list:
    https://www.redhat.com/__mailman/listinfo/freeipa-users
    <https://www.redhat.com/mailman/listinfo/freeipa-users>
    Go To http://freeipa.org for more info on the project




--
Jan Cholasta

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project

Reply via email to