Hi,

On Mon, Sep 5, 2022 at 6:25 PM Ahmad Sahibzada via FreeIPA-users <[email protected]> wrote:

> Thanks flo, I just need to verify a few things before I perform the steps
> again. Do you think these certs were renewed by dogtag-ipa-ca-renew-agent?
> Because when I typed the command getcert list, it returned nothing.
> Therefore I had to manually set tracking on them with the following command
>
> getcert start-tracking -d /etc/pki/pki-tomcat/alias -n "auditSigningCert cert-pki-ca" -c IPA -P <<internal PIN>> -B /usr/libexec/ipa/certmonger/stop_pkicad -C '/usr/libexec/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"'.
>
> With dogtag CA it gave me the following output
> [root@hq-idm-lxd-01 ~]# getcert start-tracking -d /etc/pki/pki-tomcat/alias -n "auditSigningCert cert-pki-ca" -c dogtag-ipa-ca-renew-agent -P 952444944888 -B /usr/libexec/ipa/certmonger/stop_pkicad -C '/usr/libexec/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"'
> No CA with name "dogtag-ipa-ca-renew-agent" found.
>

What do you get with "getcert list-cas"? On this version of IPA you should also have IPA, dogtag-ipa-renew-agent, dogtag-ipa-ca-renew-agent and dogtag-ipa-ca-renew-agent-reuse IIRC.

The CA helper dogtag-ipa-ca-renew-agent should be configured, with the helper command "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit". If it's missing you can add it back using

getcert add-ca -c dogtag-ipa-ca-renew-agent -e "/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit"

flo

Thanks
> ZS
>
>
>
> Thank you
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>
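Added example, not part of the original thread and not FreeIPA's own tooling: a small shell check that reads `getcert list-cas` output and reports which of the CA helpers named in the reply are not configured. It assumes each CA appears as a header line of the form `CA 'name':`; the function name and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# CA helper names taken from the reply above (the reply lists them "IIRC").
EXPECTED_CAS="IPA dogtag-ipa-renew-agent dogtag-ipa-ca-renew-agent dogtag-ipa-ca-renew-agent-reuse"

# missing_cas (hypothetical helper): reads `getcert list-cas` output on stdin
# and prints every expected CA name that has no header line, one per line.
# Assumption: certmonger prints one header per CA as:  CA 'name':
missing_cas() {
    listing=$(cat)
    for ca in $EXPECTED_CAS; do
        # -x: whole-line match, so "...-renew-agent" does not match
        #     the "...-renew-agent-reuse" header; -F: treat the name literally.
        if ! printf '%s\n' "$listing" | grep -qxF "CA '$ca':"; then
            printf '%s\n' "$ca"
        fi
    done
}

# Constructed sample listing: a host where dogtag-ipa-ca-renew-agent is
# absent, matching the 'No CA with name ... found' error in the thread.
SAMPLE_LISTING="CA 'IPA':
	is-default: no
	ca-type: EXTERNAL
CA 'dogtag-ipa-renew-agent':
	is-default: no
	ca-type: EXTERNAL
CA 'dogtag-ipa-ca-renew-agent-reuse':
	is-default: no
	ca-type: EXTERNAL"

# Demo on the constructed sample. On a real server, use instead:
#   getcert list-cas | missing_cas
for ca in $(printf '%s\n' "$SAMPLE_LISTING" | missing_cas); do
    echo "CA helper not configured: $ca"
done
```

Any name it reports has to be re-added with `getcert add-ca` before `getcert start-tracking -c <name>` can succeed for that CA.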
