On 9/2/19 4:58 PM, Dmitry Perets via FreeIPA-users wrote:
Hi,
I know of one usage - all the IPA ansible modules (ipa_*) query for 'ipa-ca' record to find the IPA server. But for other cases - looks like IPA clients mostly rely on entries like '_kerberos.*' and '_ldap.*'...
What other functionality uses 'ipa-ca' record?
Hi,
Certificates are issued from IPA CA with the OCSP responder URI http://ipa-ca.$DOMAIN/ca/ocsp and CRL distribution point http://ipa-ca.$DOMAIN/ipa/crl/MasterCRL.bin (these are set in the certificate extensions).
flo
Thanks.
Regards, Dmitry Perets _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...