[Freeipa-users] Re: Lost password for CA private key

2023-09-21 Thread John Stokes via FreeIPA-users
One more thing: When exporting, I got these warnings: WARNING: The SHA-1 algorithm used in org.mozilla.jss.pkcs12.SafeBag::getLocalKeyIDFromCert:264 is deprecated. Use a more secure algorithm. I suppose the key was created with SHA-1 back then (5 years ago). Is there anything I can do about

[Freeipa-users] Re: Lost password for CA private key

2023-09-21 Thread John Stokes via FreeIPA-users
What is the kracert.p12 used for? I get this error when I try to export: [root@aaa-01 ca]# pki-server subsystem-cert-export kra --pkcs12-file=/root/kracertbackup.p12 ERROR: No kra subsystem in instance pki-tomcat.

[Freeipa-users] Re: Lost password for CA private key

2023-09-21 Thread John Stokes via FreeIPA-users
Thank you. I used the procedure mentioned here https://www.dogtagpki.org/wiki/PKCS12Export and was able to export the key.

[Freeipa-users] Lost password for CA private key

2023-09-21 Thread John Stokes via FreeIPA-users
I have an IPA CA that has been running fine for several years now. I also have two replicas installed. Today while creating a backup I realized I don't know the password for the file /root/cacert.p12 where the private key of the CA should be stored. The one I thought it should be (same as the pass

[Freeipa-users] Re: Certificates renewal - for certs issued to services like HTTP

2019-11-25 Thread John Stokes via FreeIPA-users
Hi Rob, You are right. The certs are automatically tracked and renewed. I have two IPA servers. When using the command getcert list on the first one it did not show me any of the certificates I have issued for my servers (I'm talking about SSL certificates for web servers in my network). But

[Freeipa-users] Re: Certificates renewal - for certs issued to services like HTTP

2019-11-21 Thread John Stokes via FreeIPA-users
Hi Rob, Thank you for taking the time to respond. Using the command you suggested (getcert list) I can see that the system is not monitoring any of my host certificates. The ones it is tracking seem to be certificates needed for its internal operation. Is the default behaviour that certs

[Freeipa-users] Certificates renewal - for certs issued to services like HTTP

2019-11-21 Thread John Stokes via FreeIPA-users
Hi all, I have a question regarding renewal of certificates issued to http services. I read somewhere that these certificates are automatically renewed but could not find any more details. My deployment is a standard one and I'm using the caIPAserviceCert profile. Can anyone shed some light on