[Freeipa-devel] [PATCH] 340 Add OCSP and CRL URIs to certificates

Martin Kosek mkosek at redhat.com
Thu Dec 6 16:19:04 UTC 2012


On 12/06/2012 04:48 PM, Martin Kosek wrote:
> On 12/06/2012 04:45 PM, Martin Kosek wrote:
>> Modify the default IPA CA certificate profile to include CRL and
>> OCSP extensions which will add URIs to IPA CRL&OCSP to published
>> certificates.
>>
>> Both CRL and OCSP extensions have 2 URIs, one pointing directly to
>> the IPA CA which published the certificate and one to a new CNAME
>> ipa-ca.$DOMAIN which was introduced as a general CNAME pointing
>> to all IPA replicas which have CA configured.
>>
>> The new CNAME is added either during new IPA server/replica/CA
>> installation or during upgrade.
>>
>> https://fedorahosted.org/freeipa/ticket/3074
>> https://fedorahosted.org/freeipa/ticket/1431
>>
>> ----
>>
>> This patch originates in Rob's WIP OCSP patch, which I had to rewrite to make
>> things work as we want them to :-)
>>
>> Martin
>>
> 
> I knew the subject was wrong the moment I clicked the Send button... Sending a
> fixed patch.
> 
> Martin

Found a crash in ipa-replica-install, sending a fixed patch.

Martin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeipa-mkosek-340-2-add-ocsp-and-crl-uris-to-certificates.patch
Type: text/x-patch
Size: 30634 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/freeipa-devel/attachments/20121206/9e9d90d7/attachment.bin>

