- It was found that the current default configuration of IPA servers did not publish correct CRLs (Certificate Revocation Lists). The default configuration specifies that every replica is to generate its own CRL, however this can result in inconsistencies in the CRL contents provided to clients from different Identity Management replicas. More specifically, if a certificate is revoked on one Identity Management replica, it will not show up in the CRL on another Identity Management replica.
- Red Hat Enterprise Linux 6.3 and earlier
- IPA 2.2 and earlier
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.