On 8.7.2016 15:31, Rob Crittenden wrote: > Petr Spacek wrote: >> Hi, >> >> our docs >> >> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-determine-ca >> >> >> claim this: >> "The certmonger service is not used to track certificates. Therefore, it does >> not warn you of impending certificate expiration." >> >> Is this correct? >> >> Can we at least configure certmonger to passively track the certificates and >> throw warning about impending expiration into logs? >> > > Throw a warning where? Register an e-mail address as part of the tracking > perhaps? > > It would probably be fairly easy to write a "CA" that sends an e-mail. The > trick, and this has always tripped us up, is having an MTA configured.
I would start with logs, as I wrote in the original message. This will naturally evolve into something else when we finally get user-configurable hooks. In any case, having certmonger configured to track the certs is prerequisite for all cases... -- Petr^2 Spacek -- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code