Certificates are issued from IPA CA with the OCSP responder URI
http://ipa-ca.$DOMAIN/ca/ocsp and CRL distribution point
http://ipa-ca.$DOMAIN/ipa/crl/MasterCRL.bin (these are set in the
certificate extensions).
flo
Thanks! Does it have to be an IPA server with CA? What if it doesn't have CA component
- will it forward the request to one of the IPA servers with CA?