[Freeipa-users] Replica promotion and CA serial testing
Rob Crittenden
rcritten at redhat.com
Wed Apr 18 13:51:40 UTC 2012
Lucas Yamanishi wrote:
> Hi,
>
> What's the best way to verify _everything will be OK_ after completing
> the steps in section 16.8 of the Guide?
>
> Also, why is it necessary to add the master.ca.* entries when they did
> not exist in the previous master? The Guide is a little unclear on that.
I'm assuming you're using a dogtag CA?
For dogtag only one of the masters generates the CRL. All these
modifications do is change the server on which the CRL is generated.
To test this you'd just want to add the entries to one, remove from the
previous master and restart both. Then watch the promoted master's debug
log to ensure that it is regenerating the CRL on schedule.
rob
More information about the Freeipa-users
mailing list