[Freeipa-users] Re: Testing requested - certificate checking tool

Rob Crittenden via FreeIPA-users Mon, 22 Oct 2018 09:06:49 -0700

Gah, regarding

Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': 'IPA',
'cert-database': '/etc/httpd/alias', 'cert-postsave-command':
'/usr/libexec/ipa/certmonger/restart_httpd'}


never mind. The cert is in the verbose output you sent! It is fine and
issued by IPA.

So this looks like the tracking is simply missing. Can you run:

# ipa-getcert list

You should have two certs, one for Apache tracking /etc/httpd/alias and
one for LDAP tracking /etc/dirsrv/slapd-REALM

If you have one for Apache can you provide the output of the list command?

If you don't then you can re-create it (this doesn't touch the certs
themselves) via:

# ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert -C
/usr/libexec/ipa/certmonger/restart_httpd

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org

[Freeipa-users] Re: Testing requested - certificate checking tool

Reply via email to