We were not sure that Signing-Cert required for LDAP/Apache certificates renewal. Thank you very much for your update Rob. We are going to renew the certificates without Signing-Cert.
On Mon, Jul 25, 2016 at 6:08 PM, Rob Crittenden <[email protected]> wrote: > Linov Suresh wrote: > >> We are using CentOS 6.4/FreeIPA 3.0.0 >> >> LDAP/Apache certificates were expired and when we tried to renew, we >> found Signing-Cert is missing. >> >> # certutil -L -d /etc/httpd/alias -n Signing-Cert certutil: Could not >> find cert: Signing-Cert : File not found >> >> How do we recreate Signing-Cert certificate? We use master-master >> replica. Please help. >> >> >> > Only the initial master got a signing cert IIRC. It was used to sign the > Firefox configuration jar. Are you using this? Recent versions of Firefox > don't allow this kind of signed jar anymore and it has been dropped > upstream. > > Are you just trying to be thorough or is this causing some real problem? > > rob >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
