> On 12/31/19 1:47 AM, luckydog xf via FreeIPA-users wrote:
> Hi,
>
> can you check if the cert is revoked with:
> $ certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'Server-Cert cert-pki-ca'
> | grep -i Serial
> (note the Serial number)
> $ ipa cert-show <serial found above>
>
> Does the last command display "Revoked: True" with a Revocation reason
> or "Revoked: False"?
>
> flo
[root@ipa ~]# certutil -L -d /etc/pki/pki-tomcat/alias/ -n 'Server-Cert
cert-pki-ca' | grep serial -i
Serial Number: 268238851 (0xffd0003)
****************************************************************
[root@ipa ~]# ipa cert-show 268238851
Issuing CA: ipa
Certificate: ..... ### chopped ###
Subject: CN=ipa.ipa.pthl.hk,O=IPA.PTHL.HK
Issuer: CN=Certificate Authority,O=IPA.PTHL.HK
Not Before: Tue Nov 21 08:43:11 2017 UTC
Not After: Mon Nov 11 08:43:11 2019 UTC
Serial number: 268238851
Serial number (hex): 0xFFD0003
Revoked: True
Revocation reason: 0
---------------------------------------------------
Yes, this serial Number was marked 'revoked'.
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
