diff options
| author | Martin Kosek <mkosek@redhat.com> | 2012-11-19 10:32:28 -0500 |
|---|---|---|
| committer | Rob Crittenden <rcritten@redhat.com> | 2012-12-07 11:00:17 -0500 |
| commit | 867f7691e9e8d4dc101d227ca56a94f9b947897f (patch) | |
| tree | dcd1529b6a530091bdb1f446b34bf71bae3836a9 /install/tools/ipa-replica-install | |
| parent | 0d836cd6ee9d7b29808cbf36582eed71a5b6a32a (diff) | |
| download | freeipa-867f7691e9e8d4dc101d227ca56a94f9b947897f.tar.gz freeipa-867f7691e9e8d4dc101d227ca56a94f9b947897f.tar.xz freeipa-867f7691e9e8d4dc101d227ca56a94f9b947897f.zip | |
Add OCSP and CRL URIs to certificates
Modify the default IPA CA certificate profile to include CRL and
OCSP extensions which will add URIs to IPA CRL&OCSP to published
certificates.
Both CRL and OCSP extensions have 2 URIs, one pointing directly to
the IPA CA which published the certificate and one to a new CNAME
ipa-ca.$DOMAIN which was introduced as a general CNAME pointing
to all IPA replicas which have CA configured.
The new CNAME is added either during new IPA server/replica/CA
installation or during upgrade.
https://fedorahosted.org/freeipa/ticket/3074
https://fedorahosted.org/freeipa/ticket/1431
Diffstat (limited to 'install/tools/ipa-replica-install')
| -rwxr-xr-x | install/tools/ipa-replica-install | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index f041c58a8..7d7115cfd 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -247,7 +247,8 @@ def install_bind(config, options): print "Using reverse zone %s" % reverse_zone bind.setup(config.host_name, config.ip_address, config.realm_name, - config.domain_name, forwarders, options.conf_ntp, reverse_zone) + config.domain_name, forwarders, options.conf_ntp, reverse_zone, + ca_configured=options.setup_ca) bind.create_instance() print "" @@ -296,7 +297,8 @@ def install_dns_records(config, options): bind.add_master_dns_records(config.host_name, config.ip_address, config.realm_name, config.domain_name, - reverse_zone, options.conf_ntp) + reverse_zone, options.conf_ntp, + options.setup_ca) def check_dirsrv(): (ds_unsecure, ds_secure) = dsinstance.check_ports() |