https://frasertweedale.github.io/blog-redhat/posts/2019-05-24-ipa-cert-fix.html What does ipa-cert-fix do? In brief, the steps performed by ipa-cert-fix are:
Inspect deployment to work out which certificates need renewing. This includes both Dogtag system certificates, FreeIPA-specific certificates (HTTP, LDAP, KDC and IPA RA). Print intentions and await operator confirmation. Invoke pki-server cert-fix to renew expired certificates, including FreeIPA-specific certificates. Install renewed FreeIPA-specific certificates to their respective locations. If any shared certificates were renewed (Dogtag system certificates excluding HTTP, and IPA RA), import them to the LDAP ca_renewal subtree and set the caRenewalMaster configuration to be the current server. This allows CA replicas to pick up the renewed shared certificates. Restart FreeIPA (ipactl restart). This feature was released after version 4.6, so it can be handled manually in earlier versions, right?But what exactly is going on in this one, does anybody know? _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
