This involves the `ipa-server-certinstall` command.
1) If I used the option to install P12 for dirsrv, will dirsrv being doing OCSP validation? If so, is there away for me to disable OCSP validation?
2) Is there any documentation or information on what kind of cert the DIRSRV service needs?
==== Cert Info ===
Version: 3 (0x2)
Signature Algorithm: sha256WithRSAEncryption
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
00:97:33:d2:6d:a9:98:72:4c:b0:3d:3e:dc:4c:a5:
7d:61:d2:ae:b9:4b:eb:5e:71:ec:3e:45:62:75:24:
72:06:74:a3:94:03:c4:80:eb:4e:bc:5c:4e:f9:39:
0c:b1:5d:8e:57:ea:42:fb:70:3a:0e:3e:a0:83:62:
6a:1a:47:44:2c:b3:31:cf:26:f0:63:d7:3e:c7:51:
3b:d8:04:17:68:d5:d9:0d:ab:8d:ea:2e:b1:c8:a0:
14:ff:d6:9c:ed:86:ec:2f:07:73:68:c3:5b:2d:bd:
d4:03:74:c7:82:7d:34:fe:d0:9c:fd:cf:8d:50:c9:
d5:eb:eb:af:e8:39:d3:75:e9:c3:d9:78:1c:46:97:
84:91:d5:b4:57:48:d6:c8:4b:ae:64:87:c6:04:94:
8d:c1:8e:ee:f5:59:27:e8:16:9a:92:c2:2a:48:71:
aa:11:10:19:2e:97:7a:d6:b6:76:ba:0d:36:7b:b7:
a1:45:7c:d6:6d:05:13:ff:ba:0a:55:47:8e:86:72:
a2:42:6a:ce:df:2c:78:e6:ab:61:0e:df:eb:99:79:
82:f3:87:97:df:3b:06:f7:9b:47:d8:1f:cb:b3:f0:
d2:58:2c:5a:40:39:00:78:2e:53:e4:c5:70:0a:90:
62:25:f3:88:fc:58:2c:4e:11:47:b7:76:25:a9:68:
16:cb
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Authority Key Identifier:
keyid:51:C4:8B:33:99:94:C0:7E:BB:36:1D:E3:E2:3A:05:BD:32:74:9D:53
X509v3 Subject Key Identifier:
32:E1:3A:F5:1D:26:AB:A2:FE:E2:E7:6E:21:D2:96:99:87:49:1E:0F
Authority Information Access:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
Full Name:
X509v3 Subject Alternative Name:
X509v3 Certificate Policies:
Policy: 2.16.840.1.101.2.1.11.39
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication, 1.3.6.1.5.5.8.2.2