URL: https://github.com/freeipa/freeipa/pull/355 Title: #355: Set up DS TLS on replica in CA-less topology
jcholast commented: """ @mbasti-rh, `ipa-certupdate` has to be run on *all* systems in the domain after installing a CA. How do you propose we do that from `ipa-ca-install`? Anyway, the behavior @tomaskrizek is observing happens if you don't run `ipa-certupdate` *before* `ipa-ca-install` *on replica* and is caused by `ipa-ca-install` using local files rather than LDAP when looking for CA certificates. """ See the full comment at https://github.com/freeipa/freeipa/pull/355#issuecomment-268741247
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code