I see the replica listed under services idm's web-ui. It appears as " HTTP/replica@DOMAIN". Is this normal ? I'm not sure if it's being tracked for auto-renewal or if it was issued as a one time cert during setup. What would be the steps to fix this ?
On Wed, May 24, 2017 at 12:00 AM, Alexander Bokovoy <aboko...@redhat.com> wrote: > On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote: > >> I posted this in the earlier thread, but didn't get a response. I was able >> to fix this on the master, but "getcert list -d /etc/httpd/alias -n >> "Server-Cert" on the replica doesn't return anything. Are the replica's >> SSL >> certs handled differently ? >> > I don't think there is any difference, not at least code-wise, for how > HTTP service certificate is tracked in the case of IPA CA. > > In case of a replica promotion a request to issue HTTP service > certificate is routed to the original IPA CA master (because the one we > will have on the replica itself is not yet here). Either way, certmonger > is set to track the same Server-Cert certificate in /etc/httpd/alias > during server upgrade process that is one of the last steps when replica > is installed. > > -- > / Alexander Bokovoy >
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org