Nalin Dahyabhai wrote:
On Mon, Jul 16, 2012 at 09:23:24AM -0400, Rob Crittenden wrote:
Use the new certmonger capability to be able to renew the dogtag
subsystem certificates (audit, OCSP, etc).
Are the copies of the certificates in the pki-ca CS.cfg file being
updated elsewhere? Or is it not turning out to be a problem if they
aren't?
I didn't test validating OCSP signatures but the audit subsystem seemed
fine (it complained wildly when I had the wrong trust in the NSS db).
Andrew, do I need to update CS.cfg as well?
rob
_______________________________________________
Freeipa-devel mailing list
Freeipa-devel@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-devel
