Awesome, thanks! On Mon, Oct 15, 2018 at 5:27 PM Rob Crittenden <rcrit...@redhat.com> wrote:
> Andrey Bondarenko wrote: > > Thank you! > > > >> You'll need to delete the blobs out of LDAP using ldapmodify or > > ldapdelete. > > > > But those certs are located not only in LDAP, am I correct? Wouldn't I > > brake the consistency of the IPA if I will ldapdelete them? > > Re-run ipa-certupdate to refresh local files/NSS databases. > > rob > > > > > On Mon, Oct 15, 2018 at 4:52 PM Rob Crittenden <rcrit...@redhat.com > > <mailto:rcrit...@redhat.com>> wrote: > > > > Andrey Bondarenko via FreeIPA-users wrote: > > > Hello, > > > > > > after some tests with Letsencrypt on my test env DEVDOMAN.COM > > <http://DEVDOMAN.COM> > > > <http://DEVDOMAN.COM> I have something like this: > > > ipa-replica-install --mkhomedir --setup-ca --setup-dns > > > --auto-forwarders -p password > > > > > > Successfully retrieved CA cert > > > Subject: CN=Certificate Authority,O=DEVDOMAIN.COM > > <http://DEVDOMAIN.COM> > > > <http://DEVDOMAIN.COM> > > > Issuer: CN=Certificate Authority,O=DEVDOMAIN.COM > > <http://DEVDOMAIN.COM> > > > <http://DEVDOMAIN.COM> > > > Valid From: 2018-09-27 12:48:51 > > > Valid Until: 2038-09-27 12:48:51 > > > > > > Subject: CN=DST Root CA X3,O=Digital Signature Trust Co. > > > Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. > > > Valid From: 2000-09-30 21:12:19 > > > Valid Until: 2021-09-30 14:01:15 > > > > > > Subject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US > > > Issuer: CN=DST Root CA X3,O=Digital Signature Trust Co. > > > Valid From: 2016-03-17 16:40:46 > > > Valid Until: 2021-03-17 16:40:46 > > > > > > (2) and (3) should be deleted. > > > > Ok, unfortunately there is no remove option in cacert-manage :-( > (there > > is an RFE for it). > > > > You'll need to delete the blobs out of LDAP using ldapmodify or > > ldapdelete. > > > > You will find them in cn=certificates,cn=ipa,cn=etc,dc=example,dc=com > > > > rob > > > > > > > > > > > On Fri, Oct 12, 2018 at 9:49 PM Rob Crittenden > > <rcrit...@redhat.com <mailto:rcrit...@redhat.com> > > > <mailto:rcrit...@redhat.com <mailto:rcrit...@redhat.com>>> wrote: > > > > > > Andrey Bondarenko via FreeIPA-users wrote: > > > > Hello, > > > > > > > > If anyone can point me in the right direction how to remove > CA's > > > certs I > > > > don't need from the freeipa safely? > > > > > > Remove from where? How were they added? > > > > > > rob > > > > > > > > > > > > -- > > > > > > > > > With best regards, Andrey Bondarenko mail:m...@andreybondarenko.com > > <mailto:mail%3...@andreybondarenko.com> > > > <mailto:mail%3...@andreybondarenko.com > > <mailto:mail%253...@andreybondarenko.com>> > https://andreybondarenko.com > > > <https://andreybondarenko.com/> skype:andrey.bondarenko phone, > > Telegram, > > > WhatsApp, etc:+420-773-591-443 > > > > > > > > > 7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > > <mailto:freeipa-users@lists.fedorahosted.org> > > > To unsubscribe send an email to > > freeipa-users-le...@lists.fedorahosted.org > > <mailto:freeipa-users-le...@lists.fedorahosted.org> > > > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > > > List Guidelines: > > https://fedoraproject.org/wiki/Mailing_list_guidelines > > > List Archives: > > > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org > > > > > > > > > > > -- > > > > > > With best regards, Andrey Bondarenko mail:m...@andreybondarenko.com > > <mailto:mail%3...@andreybondarenko.com> https://andreybondarenko.com > > <https://andreybondarenko.com/> skype:andrey.bondarenko phone, Telegram, > > WhatsApp, etc:+420-773-591-443 > > > > > > 7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B > > > > > > > > > > -- With best regards, Andrey Bondarenkomail:me@andreybondarenko.comhttps://andreybondarenko.com skype:andrey.bondarenko phone, Telegram, WhatsApp, etc:+420-773-591-443 7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
