freeipa/install/restart_scripts
Jan Cholasta f769045f0a server install: fix KDC PKINIT configuration
Set `pkinit_pool` in `kdc.conf` to a CA certificate bundle of all CAs known
to IPA.

Make sure `cacert.pem` is exported in all installation code paths.

Use the KDC certificate itself as a PKINIT anchor in `login_password`.

https://pagure.io/freeipa/issue/6831

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
Reviewed-By: Martin Babinsky <mbabinsk@redhat.com>
2017-05-19 12:31:24 +02:00
..
Makefile.am server install: fix KDC PKINIT configuration 2017-05-19 12:31:24 +02:00
README Configure certmonger to execute restart scripts on renewal. 2012-04-10 01:08:41 -04:00
renew_ca_cert certdb: use custom object for trust flags 2017-05-19 12:31:24 +02:00
renew_kdc_cert server install: fix KDC PKINIT configuration 2017-05-19 12:31:24 +02:00
renew_ra_cert renew agent, restart scripts: connect to LDAP after kinit 2017-04-07 18:53:15 +02:00
renew_ra_cert_pre cert renewal: make renewal of ipaCert atomic 2015-11-19 13:06:12 +01:00
restart_dirsrv dsinstance: reconnect ldap2 after DS is restarted by certmonger 2017-04-07 18:53:15 +02:00
restart_httpd certdb: add named trust flag constants 2017-05-19 12:31:24 +02:00
stop_pkicad Set explicit confdir option for global contexts 2016-12-02 09:14:35 +01:00

This directory contains scripts to be used by the command (-C) option
of certmonger to restart services when the certificates are renewed.