I see the replica listed under services idm's web-ui. It appears as "
HTTP/replica@DOMAIN". Is this normal ? I'm not sure if it's being tracked
for auto-renewal or if it was issued as a one time cert during setup. What
would be the steps to fix this ?

On Wed, May 24, 2017 at 12:00 AM, Alexander Bokovoy <aboko...@redhat.com>
wrote:

> On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote:
>
>> I posted this in the earlier thread, but didn't get a response. I was able
>> to fix this on the master, but "getcert list -d /etc/httpd/alias -n
>> "Server-Cert" on the replica doesn't return anything. Are the replica's
>> SSL
>> certs handled differently ?
>>
> I don't think there is any difference, not at least code-wise, for how
> HTTP service certificate is tracked in the case of IPA CA.
>
> In case of a replica promotion a request to issue HTTP service
> certificate is routed to the original IPA CA master (because the one we
> will have on the replica itself is not yet here). Either way, certmonger
> is set to track the same Server-Cert certificate in /etc/httpd/alias
> during server upgrade process that is one of the last steps when replica
> is installed.
>
> --
> / Alexander Bokovoy
>
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to