On 06/21/2017 07:41 AM, Ian Pilcher via FreeIPA-users wrote:
As part of my debugging efforts (see "Expired certificates" thread), I
changed modified the settings for the dogtag-ipa-renew-agent and
dogtag-ipa-ca-renew-agent CAs.  Unfortunately, I forgot to make a note
of the original settings.

Are these correct for IPA 4.4 (on CentOS 7)?

 CA 'SelfSign':
         is-default: no
         ca-type: INTERNAL:SELF
         next-serial-number: 01
 CA 'IPA':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/ipa-server-guard
/usr/libexec/certmonger/ipa-submit
 CA 'certmaster':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/certmaster-submit
 CA 'dogtag-ipa-renew-agent':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/ipa-server-guard
/usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
 CA 'local':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/local-submit
 CA 'dogtag-ipa-ca-renew-agent':
         is-default: no
         ca-type: EXTERNAL
         helper-location: /usr/libexec/certmonger/ipa-server-guard
/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit


Hi,

your CA helpers are properly configured, except for the last one, which should look like the following:

CA 'dogtag-ipa-ca-renew-agent':
        is-default: no
        ca-type: EXTERNAL
        helper-location: 
/usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit

HTH,
Flo
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to