Rob Foehl wrote:
> On Mon, 19 Jun 2017, Rob Crittenden wrote:
>
>> Rob Foehl wrote:
>>> On Thu, 15 Jun 2017, Rob Crittenden wrote:
>>>
Rob Foehl wrote:
> Can I at least get a yes or no on whether external CA certificate
> renewal has ever been tested when that certificate is nearing
>
On Mon, 19 Jun 2017, Rob Crittenden wrote:
Rob Foehl wrote:
On Thu, 15 Jun 2017, Rob Crittenden wrote:
Rob Foehl wrote:
Can I at least get a yes or no on whether external CA certificate
renewal has ever been tested when that certificate is nearing
expiration?
Yes. I tested this with IPA v3
Rob Foehl wrote:
> On Thu, 15 Jun 2017, Rob Crittenden wrote:
>
>> Rob Foehl wrote:
>>> Can I at least get a yes or no on whether external CA certificate
>>> renewal has ever been tested when that certificate is nearing
>>> expiration?
>>
>> Yes. I tested this with IPA v3.0. Did it break in betwee
On Thu, 15 Jun 2017, Rob Crittenden wrote:
Rob Foehl wrote:
Can I at least get a yes or no on whether external CA certificate
renewal has ever been tested when that certificate is nearing expiration?
Yes. I tested this with IPA v3.0. Did it break in between? Possible.
As I pointed out certmo
Rob Foehl wrote:
> On Fri, 9 Jun 2017, I wrote:
>
>> In short, that didn't go particularly well at all, which in some ways
>> brings me back to the original as-yet-unanswered deployment question:
>>
>> Is trying to do this with an external CA worth the pain?
>
> Three attempts at this question, a
On Fri, 9 Jun 2017, I wrote:
In short, that didn't go particularly well at all, which in some ways brings
me back to the original as-yet-unanswered deployment question:
Is trying to do this with an external CA worth the pain?
Three attempts at this question, and zero answers...
Can I at lea
On Fri, 26 May 2017, Rob Crittenden wrote:
Rob Foehl via FreeIPA-users wrote:
On Fri, 26 May 2017, Fraser Tweedale wrote:
What is the validity of the leaf certificates? Is the notAfter time
of the leaf certificate pegged to the notAfter time of the CA
certificate? If so, this is (IMO) a bug
Rob Foehl via FreeIPA-users wrote:
> On Fri, 26 May 2017, Fraser Tweedale wrote:
>
>> What is the validity of the leaf certificates? Is the notAfter time
>> of the leaf certificate pegged to the notAfter time of the CA
>> certificate? If so, this is (IMO) a bug.
>
> The leaf certs' expiration i
On Fri, 26 May 2017, Fraser Tweedale wrote:
What is the validity of the leaf certificates? Is the notAfter time
of the leaf certificate pegged to the notAfter time of the CA
certificate? If so, this is (IMO) a bug.
The leaf certs' expiration is pegged to that of the CA cert that was used
to
On Thu, May 25, 2017 at 10:59:11AM -0400, Rob Foehl via FreeIPA-users wrote:
> On Thu, 25 May 2017, Fraser Tweedale wrote:
>
> > This is not correct. The CA cert must be valid for the leaf cert to
> > be valid, but the CA cert *can* be renewed without requiring leaf
> > certificates to be reissue
On Thu, 25 May 2017, Fraser Tweedale wrote:
This is not correct. The CA cert must be valid for the leaf cert to
be valid, but the CA cert *can* be renewed without requiring leaf
certificates to be reissued. So long as the following conditions
are met, everything will be fine:
1. The CA's key
On Thu, May 25, 2017 at 01:34:16AM -0400, Rob Foehl via FreeIPA-users wrote:
> I've got a test instance of FreeIPA 4.4.4 running on F25 that was installed
> with --external-ca, and the resulting CSR signed with a validity period of
> 30 days to test behavior around expirations.
>
> Upon booting th
12 matches
Mail list logo
