[Freeipa-devel] [PATCH] 340 Add OCSP and CRL URIs to certificates
Martin Kosek
mkosek at redhat.com
Thu Dec 6 15:45:31 UTC 2012
Modify the default IPA CA certificate profile to include CRL and
OCSP extensions which will add URIs to IPA CRL&OCSP to published
certificates.

Both CRL and OCSP extensions have 2 URIs, one pointing directly to
the IPA CA which published the certificate and one to a new CNAME
ipa-ca.$DOMAIN which was introduced as a general CNAME pointing
to all IPA replicas which have CA configured.

The new CNAME is added either during new IPA server/replica/CA
installation or during upgrade.

https://fedorahosted.org/freeipa/ticket/3074
https://fedorahosted.org/freeipa/ticket/1431
----
This patch originates in Rob's WIP OCSP patch, which I had to rewrite to make
things work as we want them to :-)
Martin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-340-add-ocsl-and-crl-uris-to-certificates.patch
Type: text/x-patch
Size: 30477 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121206/e2c1778d/attachment.bin>