This will eventually apply only to already installed instances.
We noticed during renewal testing that the audit cert is issued for 2 years at install time but the renewal profile for it renews for only 6 months.
The dogtag team is going to address new installs; we need to handle upgrades.
On renewal it uses caSignedLogCert.cfg in the profile subdir.
We need to increase policyset.caLogSigningSet.2.default.params.range
The dogtag BZ is https://bugzilla.redhat.com/show_bug.cgi?id=843979
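An upgrade-time check for the setting named above, as an added example; it is not the attached patch or FreeIPA code. The function name `raise_audit_renewal_range`, the 720-day target (taken as an approximation of the 2-year install-time validity) and the sample profile text are assumptions.

```python
import re

# Key named in the ticket; it lives in caSignedLogCert.cfg in the profile subdir.
RANGE_KEY = "policyset.caLogSigningSet.2.default.params.range"
# Assumption: 720 days approximates the 2-year validity issued at install time.
TARGET_DAYS = 720

# Constructed sample, not a complete profile.
SAMPLE = (
    "# constructed sample profile fragment\n"
    "policyset.caLogSigningSet.2.constraint.params.range=720\n"
    "policyset.caLogSigningSet.2.default.params.range=180\n"
    "policyset.caLogSigningSet.2.default.params.startTime=0\n"
)


def raise_audit_renewal_range(cfg_text, target=TARGET_DAYS):
    """Return (new_text, changed); raise the renewal range, never lower it.

    Raises KeyError if the key is absent (likely the wrong file) and
    ValueError if its value is not an integer, so an upgrade step fails
    loudly instead of leaving a short-lived audit signing cert in place.
    """
    pattern = re.compile(r"^(\s*%s\s*=\s*)(\S*)(\s*)$" % re.escape(RANGE_KEY))
    out, changed, seen = [], False, False
    for line in cfg_text.splitlines(keepends=True):
        m = pattern.match(line)
        if m:
            seen = True
            current = int(m.group(2))
            if current < target:
                # Keep the original prefix and line ending; swap only the value.
                line = "%s%d%s" % (m.group(1), target, m.group(3))
                changed = True
        out.append(line)
    if not seen:
        raise KeyError(RANGE_KEY)
    return "".join(out), changed


if __name__ == "__main__":
    new_text, changed = raise_audit_renewal_range(SAMPLE)
    print("changed:", changed)
    print(new_text, end="")
```

Running it a second time on its own output reports no change, so it is safe to call on every upgrade.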
attachment freeipa-rcrit-1055-auditrenewal.patch
The patch depends on the dogtag 9/10 generalization code from ticket #2846
master: eb79f5c
ipa-3-0: 8f7625a
Metadata Update from @rcritten: - Issue assigned to rcritten - Issue set to the milestone: FreeIPA 3.0 GA