On Mon, 2018-10-22 at 12:07 -0400, Rob Crittenden via FreeIPA-users wrote:
> Gah, regarding
>
> Missing tracking for {'cert-nickname': 'Server-Cert', 'ca-name': 'IPA',
> 'cert-database': '/etc/httpd/alias', 'cert-postsave-command':
> '/usr/libexec/ipa/certmonger/restart_httpd'}
>
> never mind. The cert is in the verbose output you sent! It is fine and
> issued by IPA.
>
> So this looks like the tracking is simply missing. Can you run:
>
> # ipa-getcert list
>
> You should have two certs, one for Apache tracking /etc/httpd/alias and
> one for LDAP tracking /etc/dirsrv/slapd-REALM
>
> If you have one for Apache can you provide the output of the list
> command?
>
> If you don't then you can re-create it (this doesn't touch the certs
> themselves) via:
>
> # ipa-getcert start-tracking -d /etc/httpd/alias -n Server-Cert -C /usr/libexec/ipa/certmonger/restart_httpd

Thanks for looking into my output! Much appreciated

/etc/httpd/alias is being tracked. Here is the output:

[root@ipa1 checkcerts]# ipa-getcert list
Number of certificates and requests being tracked: 9.
Request ID '20181001153507':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-HOME-FAZANT-NET',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-HOME-FAZANT-NET/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-HOME-FAZANT-NET',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=HOME.FAZANT.NET
    subject: CN=ipa1.home.fazant.net,O=HOME.FAZANT.NET
    expires: 2020-10-03 21:06:09 UTC
    principal name: ldap/ipa1.home.fazant....@home.fazant.net
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv HOME-FAZANT-NET
    track: yes
    auto-renew: yes
Request ID '20181003195731':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    issuer: CN=Certificate Authority,O=HOME.FAZANT.NET
    subject: CN=ipa1.home.fazant.net,O=HOME.FAZANT.NET
    expires: 2020-05-21 13:53:40 UTC
    principal name: HTTP/ipa1.home.fazant....@home.fazant.net
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-kp-clientAuth
    pre-save command:
    post-save command:
    track: yes
    auto-renew: yes

BR,
Louis
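
Added example, not part of the thread and not FreeIPA's own code: a field-by-field comparison of an expected tracking entry (the dict from the "Missing tracking for" message quoted above) against `ipa-getcert list` output, which shows how a request can exist for the right database and nickname and still differ, here in its post-save command. The sample output is constructed with placeholder request IDs and realm, and comparing these particular fields is an assumption about what a tracking check would look at.

```python
import re

# Constructed sample in the `ipa-getcert list` layout shown in the thread;
# request IDs and the realm name are placeholders.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20180101000001':
    certificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-TEST',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv EXAMPLE-TEST
Request ID '20180101000002':
    certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
    CA: IPA
    post-save command:
"""

# Expected entry, copied from the "Missing tracking for" message in the thread.
EXPECTED = {'cert-nickname': 'Server-Cert', 'ca-name': 'IPA',
            'cert-database': '/etc/httpd/alias',
            'cert-postsave-command': '/usr/libexec/ipa/certmonger/restart_httpd'}

def parse_getcert_list(text):
    """Return {request_id: {field: value}} from `ipa-getcert list` output."""
    requests, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            current = requests.setdefault(m.group(1), {})
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key] = value.strip()
    return requests

def tracking_mismatches(expected, requests):
    """For requests on the expected database and nickname, list differing fields."""
    result = {}
    for rid, f in requests.items():
        # Pull location/nickname out of the quoted key='value' pairs.
        store = dict(re.findall(r"(\w+)='([^']*)'", f.get("certificate", "")))
        if (store.get("location"), store.get("nickname")) != (
                expected['cert-database'], expected['cert-nickname']):
            continue
        actual = {'ca-name': f.get("CA", ""),
                  'cert-postsave-command': f.get("post-save command", "")}
        result[rid] = {k: v for k, v in actual.items() if expected[k] != v}
    return result

if __name__ == "__main__":
    print(tracking_mismatches(EXPECTED, parse_getcert_list(SAMPLE)))
```

An empty result means no request tracks that database and nickname at all; a request ID mapped to a non-empty dict means the request exists but one of the compared fields differs from the expected entry.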