On Tue, 23 May 2017, Jake via FreeIPA-users wrote:
> Worked! Thanks!
>
> I suppose there isn't a way to get the output of getcert as
> JSON/object? I would prefer to do this with ansible =)
Not directly. You may want to explore D-Bus interface provided by
certmonger.


> Also, "sudo systemctl restart httpd" post renewal (looks like the hooks
> aren't configured for the cert renewal to restart dependent services.)
For httpd certs configured by IPA install, there is a script that
restarts httpd, as can be seen in 'post-save command' below:

Request ID '20170215074615':
        status: MONITORING
        stuck: no
        key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
        certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
        CA: IPA
        issuer: CN=Certificate Authority,O=EXAMPLE.COM
        subject: CN=ipa.example.com,O=EXAMPLE.COM
        expires: 2019-01-29 18:11:46 UTC
        dns: ipa.example.com
        key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
        eku: id-kp-serverAuth,id-kp-clientAuth
        pre-save command:
        post-save command: /usr/libexec/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes

--
/ Alexander Bokovoy
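
Added example (not part of the original thread, and not FreeIPA or certmonger code): one way to turn the text output of `getcert list` into JSON-ready data for Ansible and to flag tracked requests that have no post-save command, which is the situation raised above. The sample input is constructed; the second request ID and its subject are made up.

```python
import json
import re

# Constructed sample in the layout of `getcert list`. The first request mirrors
# the one quoted in the thread; the second is invented and has no post-save hook.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20170215074615':
        status: MONITORING
        stuck: no
        CA: IPA
        subject: CN=ipa.example.com,O=EXAMPLE.COM
        expires: 2019-01-29 18:11:46 UTC
        pre-save command:
        post-save command: /usr/libexec/ipa/certmonger/restart_httpd
        track: yes
        auto-renew: yes
Request ID '20170301000000':
        status: MONITORING
        stuck: no
        CA: IPA
        subject: CN=web.example.com,O=EXAMPLE.COM
        pre-save command:
        post-save command:
        track: yes
        auto-renew: yes
"""

HEADER = re.compile(r"^Request ID '([^']+)':\s*$")


def parse_getcert_list(text):
    """Return {request_id: {field: value}} from `getcert list` text output."""
    requests, current = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = requests.setdefault(m.group(1), {})
        elif current is not None and line[:1] in (" ", "\t") and ":" in line:
            # Split on the first colon only: values such as 'expires' contain colons.
            key, _, value = line.strip().partition(":")
            current[key.strip()] = value.strip()
    return requests


def missing_post_save(requests):
    """IDs of requests that would renew without running any post-save command."""
    return sorted(r for r, f in requests.items() if not f.get("post-save command"))


if __name__ == "__main__":
    parsed = parse_getcert_list(SAMPLE)
    print(json.dumps(parsed, indent=2))
    print("no post-save command:", missing_post_save(parsed))
```
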