867f769 Add OCSP and CRL URIs to certificates

7 files Authored by mkosek 11 years ago, Committed by rcritten 11 years ago,
    Add OCSP and CRL URIs to certificates
    
    Modify the default IPA CA certificate profile to include CRL and
    OCSP extensions which will add URIs to IPA CRL&OCSP to published
    certificates.
    
    Both CRL and OCSP extensions have 2 URIs, one pointing directly to
    the IPA CA which published the certificate and one to a new CNAME
    ipa-ca.$DOMAIN which was introduced as a general CNAME pointing
    to all IPA replicas which have CA configured.
    
    The new CNAME is added either during new IPA server/replica/CA
    installation or during upgrade.
    
    https://fedorahosted.org/freeipa/ticket/3074
    https://fedorahosted.org/freeipa/ticket/1431
    
        
file modified
+21 -2
file modified
+135 -15