I see the replica listed under services idm's web-ui. It appears as "
HTTP/replica@DOMAIN". Is this normal ? I'm not sure if it's being tracked
for auto-renewal or if it was issued as a one time cert during setup. What
would be the steps to fix this ?
On Wed, May 24, 2017 at 12:00 AM, Alexander Bokovoy <aboko...@redhat.com>
> On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote:
>> I posted this in the earlier thread, but didn't get a response. I was able
>> to fix this on the master, but "getcert list -d /etc/httpd/alias -n
>> "Server-Cert" on the replica doesn't return anything. Are the replica's
>> certs handled differently ?
> I don't think there is any difference, not at least code-wise, for how
> HTTP service certificate is tracked in the case of IPA CA.
> In case of a replica promotion a request to issue HTTP service
> certificate is routed to the original IPA CA master (because the one we
> will have on the replica itself is not yet here). Either way, certmonger
> is set to track the same Server-Cert certificate in /etc/httpd/alias
> during server upgrade process that is one of the last steps when replica
> is installed.
> / Alexander Bokovoy
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org