IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-01-26 16:16:31 -06:00
Code Issues Packages Projects Releases Wiki Activity
e0b32dac54
freeipa/install/restart_scripts
History
Pavel Vomacka e0b32dac54
Turn on NSSOCSP check in mod_nss conf 
Turn on NSSOCSP directive during install/replica install/upgrade.
That check whether the certificate which is used for login is
revoked or not using OSCP.

Marks the server cert in httpd NSS DB as trusted peer ('P,,')
to avoid chicken and egg problem when it is needed to contact
the OCSP responder when httpd is starting.

https://pagure.io/freeipa/issue/6370

Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>
Reviewed-By: Martin Basti <mbasti@redhat.com>
2017-05-10 09:08:34 +02:00
..
Makefile.am Build: remove incorrect use of MAINTAINERCLEANFILES 2016-11-16 09:12:07 +01:00
README Configure certmonger to execute restart scripts on renewal. 2012-04-10 01:08:41 -04:00
renew_ca_cert renew agent, restart scripts: connect to LDAP after kinit 2017-04-07 18:53:15 +02:00
renew_ra_cert renew agent, restart scripts: connect to LDAP after kinit 2017-04-07 18:53:15 +02:00
renew_ra_cert_pre cert renewal: make renewal of ipaCert atomic 2015-11-19 13:06:12 +01:00
restart_dirsrv dsinstance: reconnect ldap2 after DS is restarted by certmonger 2017-04-07 18:53:15 +02:00
restart_httpd Turn on NSSOCSP check in mod_nss conf 2017-05-10 09:08:34 +02:00
stop_pkicad Set explicit confdir option for global contexts 2016-12-02 09:14:35 +01:00

README 

This directory contains scripts to be used by the command (-C) option
of certmonger to restart services when the certificates are renewed.