On ti, 23 touko 2017, Jake via FreeIPA-users wrote:
Worked! Thanks!

I Suppose there isn't a way to get the output of getcert as
JSON/object? I would prefer to do this with ansible =)
Not directly. You may want to explore D-Bus interface provided by

Also, "sudo systemctl restart httpd" post renewal (looks like the hooks
aren't configured for the cert renewal to restart dependent services.)
For httpd certs configured by IPA install, there is a script that
restarts httpd, as can be seen in 'post-save command' below:

Request ID '20170215074615':
        status: MONITORING
        stuck: no
        key pair storage: 
Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ipa.example.com,O=EXAMPLE.COM
        expires: 2019-01-29 18:11:46 UTC
        dns: ipa.example.com
        key usage: 
        eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: post-save command: /usr/libexec/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes

/ Alexander Bokovoy
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to