Rob Crittenden <> writes:

> certmonger doesn't support storing certificates in a java keystore.

That's what I found out :-)

> The tricky bit might be in dealing with the CSR. certmonger needs the
> private key in order do the renewal.
> I guess one thing you could do is a straight ipa-getcert -f
> /path/to/cert.pem -k /path/to/key.pem ... <other options> -C
> /path/to/your/post/script

Something like that might work and I hoped that someone might have done
and documented it before... 

> Then take the resulting PEM files, create a PKCS#12 file out of them,
> and import that into your java keystore.

That's what I'll try - let's see how that works out.


This space is intentionally left blank.
FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to