On Thu, Jan 15, 2015 at 3:26 AM, Jan Cholasta <[email protected]> wrote:
> Hi, > > Dne 14.1.2015 v 14:54 Brian Topping napsal(a): > >> Hi Martin, thanks for your response! >> >> What I realize now is the certificate CRL points to the server that >>>> no longer exists and I'd like to get that cleaned up. I found >>>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master >>>> <http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master >>>> >, >>>> is that relevant for my situation? >>>> >>> >>> Yes, this is the procedure to follow for servers older than FreeIPA >>> 4.1. Jan is >>> that correct? If yes, the page deserves a warning/update. >>> >> > This is the procedure to follow on IPA < 4.0. On IPA >= 4.0, the > information about renewal master is stored in LDAP, but you still have to > handle CRL master manually. > I'm still not clear what needs to be done on IPA >= 4.0 when promoting a new CRL master. Can that page be updated to state these instructions are for IPA < 4.0 and include the manual piece you mention for IPA >= 4.0? Thanks > > >>> >> Ooof! I forgot that vendor repos were so far behind. I'm still at >> 3.3.3-28. >> >> Is it reasonable and desirable to run one of my two servers with the >> image documented at >> http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos? I'm >> interested in integrating Shiro or some other RBAC against IPA at some >> point in the next few months, but I'd wait if the Docker image is a >> prelude to 4.x hitting vendor repos soon. >> >> Cheers, Brian >> > > Honza > > -- > Jan Cholasta > > > -- > Manage your subscription for the Freeipa-users mailing list: > https://www.redhat.com/mailman/listinfo/freeipa-users > Go To http://freeipa.org for more info on the project >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
