Andrey Bondarenko wrote:
> Thank you! 
> 
>> You'll need to delete the blobs out of LDAP using ldapmodify or
>> ldapdelete.
> 
> But those certs are located not only in LDAP, am I correct? Wouldn't I
> break the consistency of the IPA if I ldapdelete them?

Re-run ipa-certupdate to refresh local files/NSS databases.

rob

> 
> On Mon, Oct 15, 2018 at 4:52 PM Rob Crittenden <[email protected]> wrote:
> 
>     Andrey Bondarenko via FreeIPA-users wrote:
>     > Hello,
>     >
>     > after some tests with Letsencrypt on my test env DEVDOMAN.COM
>     > I have something like this:
>     >  ipa-replica-install  --mkhomedir   --setup-ca  --setup-dns
>     > --auto-forwarders -p password
>     >
>     > Successfully retrieved CA cert
>     >     Subject:     CN=Certificate Authority,O=DEVDOMAIN.COM
>     >     Issuer:      CN=Certificate Authority,O=DEVDOMAIN.COM
>     >     Valid From:  2018-09-27 12:48:51
>     >     Valid Until: 2038-09-27 12:48:51
>     >
>     >     Subject:     CN=DST Root CA X3,O=Digital Signature Trust Co.
>     >     Issuer:      CN=DST Root CA X3,O=Digital Signature Trust Co.
>     >     Valid From:  2000-09-30 21:12:19
>     >     Valid Until: 2021-09-30 14:01:15
>     >
>     >     Subject:     CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
>     >     Issuer:      CN=DST Root CA X3,O=Digital Signature Trust Co.
>     >     Valid From:  2016-03-17 16:40:46
>     >     Valid Until: 2021-03-17 16:40:46
>     >
>     > (2) and (3)  should be deleted.
> 
>     Ok, unfortunately there is no remove option in cacert-manage :-( (there
>     is an RFE for it).
> 
>     You'll need to delete the blobs out of LDAP using ldapmodify or
>     ldapdelete.
> 
>     You will find them in cn=certificates,cn=ipa,cn=etc,dc=example,dc=com
> 
>     rob
> 
>     >
>     >
>     > On Fri, Oct 12, 2018 at 9:49 PM Rob Crittenden <[email protected]> wrote:
>     >
>     >     Andrey Bondarenko via FreeIPA-users wrote:
>     >     > Hello,
>     >     >
>     >     > If anyone can point me in the right direction how to remove CA's
>     >     > certs I don't need from the freeipa safely?
>     >
>     >     Remove from where? How were they added?
>     >
>     >     rob
>     >
> 
> 
> 
> -- 
> 
> 
> With best regards, Andrey Bondarenko mail:[email protected]
> https://andreybondarenko.com skype:andrey.bondarenko phone, Telegram,
> WhatsApp, etc:+420-773-591-443
> 
> 7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B
> 
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
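
The steps discussed in this thread (find the unwanted CA entries under cn=certificates,cn=ipa,cn=etc,dc=example,dc=com, delete them with ldapdelete, re-run ipa-certupdate), as an added example that is not part of the original messages. It selects the DNs to delete by exact subject from ldapsearch output; the `ipaCertSubject` attribute name, the entry nicknames and the sample LDIF are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): choose which entries to delete, by exact subject.
# Real input would come from something like (attribute name is an assumption):
#   ldapsearch -LLL -o ldif-wrap=no -Y GSSAPI \
#     -b "cn=certificates,cn=ipa,cn=etc,dc=example,dc=com" ipaCertSubject

# Constructed sample of that output; the entry nicknames (cn=...) are made up.
sample_ldif() {
cat <<'EOF'
dn: cn=DEVDOMAIN.COM IPA CA,cn=certificates,cn=ipa,cn=etc,dc=example,dc=com
ipaCertSubject: CN=Certificate Authority,O=DEVDOMAIN.COM

dn: cn=DST Root CA X3,cn=certificates,cn=ipa,cn=etc,dc=example,dc=com
ipaCertSubject: CN=DST Root CA X3,O=Digital Signature Trust Co.

dn: cn=LE Authority X3,cn=certificates,cn=ipa,cn=etc,dc=example,dc=com
ipaCertSubject: CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US
EOF
}

# Read LDIF on stdin, print the DN of every entry whose subject equals $1.
dns_for_subject() {
    awk -v want="$1" 'BEGIN { RS = ""; FS = "\n" }
    {
        dn = ""; subj = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^dn: /) dn = substr($i, 5)
            if ($i ~ /^ipaCertSubject: /) subj = substr($i, 17)
        }
        if (dn != "" && subj == want) print dn
    }'
}

# plan_removal LDIF SUBJECT...: print DNs to delete, one per line.
# Returns non-zero if a subject matches no entry (guards against typos).
plan_removal() {
    ldif=$1; shift
    for subject in "$@"; do
        found=$(printf '%s\n' "$ldif" | dns_for_subject "$subject")
        [ -n "$found" ] || { echo "no entry for subject: $subject" >&2; return 1; }
        printf '%s\n' "$found"
    done
}

# Dry run on the sample: certificates (2) and (3) from the listing in the thread.
plan_removal "$(sample_ldif)" \
    "CN=DST Root CA X3,O=Digital Signature Trust Co." \
    "CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US"
# After reviewing the list saved to a file: ldapdelete -Y GSSAPI -f dns.txt
# then, on each IPA host: ipa-certupdate
```

Entries whose DN is emitted base64-encoded (`dn::`) are not matched by this sketch and need to be handled by hand.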
