On 8.7.2016 15:31, Rob Crittenden wrote:
> Petr Spacek wrote:
>> Hi,
>>
>> our docs
>>
>> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-determine-ca
>>
>>
>> claim this:
>> "The certmonger service is not used to track certificates. Therefore, it does
>> not warn you of impending certificate expiration."
>>
>> Is this correct?
>>
>> Can we at least configure certmonger to passively track the certificates and
>> throw warning about impending expiration into logs?
>>
> 
> Throw a warning where? Register an e-mail address as part of the tracking
> perhaps?
> 
> It would probably be fairly easy to write a "CA" that sends an e-mail. The
> trick, and this has always tripped us up, is having an MTA configured.

I would start with logs, as I wrote in the original message. This will
naturally evolve into something else when we finally get user-configurable 
hooks.

In any case, having certmonger configured to track the certs is prerequisite
for all cases...

-- 
Petr^2 Spacek

-- 
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to