Hi,

On Tue, May 9, 2023 at 1:24 PM Justin Sanderson via FreeIPA-users <[email protected]> wrote:

> Hey Flo - thanks so much for your willingness to help.
>
> My setup is just a single VM server. I will give it a try tonight once
> everyone has gone home for the day.
>
> Also, does it make sense to have certmonger monitor this cert? I found
> a command on the RH access portal that shows how to add it to certmonger
> but I had doubts about whether it would update LDAP when the cert got
> renewed...

By default the cert should already be tracked by certmonger. If you run
*getcert list*, you should see it in the list of tracked certs. For instance on my system:

# getcert list -f /var/lib/ipa/ra-agent.pem
Number of certificates and requests being tracked: 12.
Request ID '20230324140132':
        status: MONITORING
        stuck: no
        key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
        certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
        CA: dogtag-ipa-ca-renew-agent
        issuer: CN=Certificate Authority,O=IPA.TEST
        subject: CN=IPA RA,O=IPA.TEST
        issued: 2022-05-31 12:32:55 UTC
        expires: 2024-05-20 12:32:55 UTC
        key usage: digitalSignature,keyEncipherment,dataEncipherment
        eku: id-kp-clientAuth
        profile: caSubsystemCert
        pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
        post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
        track: yes
        auto-renew: yes

With a single server (that is the renewal master), certmonger renewal should put the new cert directly in the file /var/lib/ipa/ra-agent.pem (and then later in LDAP but that's not relevant in this case).

flo

> Thanks again for the help and I'll report back the result tonight.
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
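A check that can be run over `getcert list` output in the format shown in the reply above, added here as an example and not part of the original thread: it parses each tracked request and flags any that is not in MONITORING, is stuck, has tracking or auto-renew off, or expires within a warning window. The function names, the 28-day window and the second request in the sample are assumptions made for illustration.

```python
import re
from datetime import datetime, timezone

FMT = "%Y-%m-%d %H:%M:%S UTC"  # timestamp layout used in the output quoted in the thread
# Constructed sample: first request uses values from the thread, second is invented.
SAMPLE = """\
Request ID '20230324140132':
    status: MONITORING
    stuck: no
    certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
    expires: 2024-05-20 12:32:55 UTC
    track: yes
    auto-renew: yes
Request ID '20230509000000':
    status: CA_UNREACHABLE
    stuck: no
    certificate: type=FILE,location='/etc/pki/example/constructed.pem'
    expires: 2023-05-20 12:32:55 UTC
    track: yes
    auto-renew: yes
"""

def parse_getcert(text):
    """Split `getcert list` output into one dict of fields per request."""
    requests, current = [], None
    for line in text.splitlines():
        m = re.match(r"Request ID '([^']+)':", line)
        if m:
            current = {"id": m.group(1)}
            requests.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return requests

def findings(requests, now, warn_days=28):
    """Return (request id, problem) pairs; warn_days is an assumed threshold."""
    out = []
    for r in requests:
        if r.get("status") != "MONITORING":
            out.append((r["id"], "status is " + r.get("status", "unknown")))
        if r.get("stuck") != "no":
            out.append((r["id"], "request is stuck"))
        if r.get("track") != "yes" or r.get("auto-renew") != "yes":
            out.append((r["id"], "not tracked or auto-renew disabled"))
        exp = r.get("expires")  # absent when no certificate has been issued yet
        expiry = exp and datetime.strptime(exp, FMT).replace(tzinfo=timezone.utc)
        if expiry and (expiry - now).days < warn_days:
            out.append((r["id"], "expires " + exp))
    return out
```

On a live server, pass the captured output of `getcert list` to `parse_getcert` in place of `SAMPLE` and use the current UTC time as `now`.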
