Right now we just configure the first master address in dogtag as the OCSP responder and CRL list.
When --setup-dns is used we should instead create an ocsp.<domain> CNAME that points at all masters available, and change the dogtag configuration files to use that address instead.
On CA replica installs/removals we should update the CNAME list of pointers.
If --setup-dns is not used, then a warning should be printed on install that redirects the user to read the docs on how to manually do this so that they can manually manage a CNAME in their DNS.
Related to #1059.
Suggest we defer it.
Changing 3.2 priority
This ticket will be solved as a part of #3074.
Adding to the list is fixed as part of:
Moving my tickets back to free-to-take pool.
Duplicate of already-solved ticket:3574.
Metadata Update from @simo:
- Issue assigned to someone
- Issue set to the milestone: Future Releases