Here is the info. `ipa-getcert list` says there are 9 certificates, but only
shows 3?
[admin@ipaserver ~]$ ipa --version
VERSION: 4.9.6, API_VERSION: 2.245
[admin@ipaserver ~]$ cat /etc/os-release
NAME="Rocky Linux"
VERSION="8.5 (Green Obsidian)"
...
[admin@ipaserver ~]$ ipa cert-show 1
ipa: ERROR: Zertifikat-Operation kann nicht abgeschlossen werden: Request
failed with status 403: Non-2xx response from CA REST API: 403. (403)
[admin@ipaserver ~]$ sudo ipa-getcert list -v
Number of certificates and requests being tracked: 9.
Request ID '20191231135138':
status: MONITORING
stuck: no
key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key'
certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
CA: IPA
issuer: CN=Certificate Authority,O=SOMEDOMAIN.LOCAL
subject: CN=ipaserver.somedomain.local,O=SOMEDOMAIN.LOCAL
expires: 2023-12-04 14:51:45 CET
principal name: krbtgt/[email protected]
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-pkinit-KPKdc
profile: KDCs_PKINIT_Certs
pre-save command:
post-save command: /usr/libexec/ipa/certmonger/renew_kdc_cert
track: yes
auto-renew: yes
Request ID '20210501153310':
status: MONITORING
stuck: no
key pair storage:
type=NSSDB,location='/etc/dirsrv/slapd-SOMEDOMAIN-LOCAL',nickname='Server-Cert',token='NSS
Certificate DB',pinfile='/etc/dirsrv/slapd-SOMEDOMAIN-LOCAL/pwdfile.txt'
certificate:
type=NSSDB,location='/etc/dirsrv/slapd-SOMEDOMAIN-LOCAL',nickname='Server-Cert',token='NSS
Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=SOMEDOMAIN.LOCAL
subject: CN=ipaserver.somedomain.local,O=SOMEDOMAIN.LOCAL
expires: 2023-12-04 14:51:01 CET
dns: ipaserver.somedomain.local
principal name: ldap/[email protected]
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
profile: caIPAserviceCert
pre-save command:
post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv
SOMEDOMAIN-LOCAL
track: yes
auto-renew: yes
Request ID '20210501153311':
status: MONITORING
stuck: no
key pair storage:
type=FILE,location='/var/lib/ipa/private/httpd.key',pinfile='/var/lib/ipa/passwds/ipaserver.somedomain.local-443-RSA'
certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt'
CA: IPA
issuer: CN=Certificate Authority,O=SOMEDOMAIN.LOCAL
subject: CN=ipaserver.somedomain.local,O=SOMEDOMAIN.LOCAL
expires: 2023-12-19 23:40:06 CET
dns: ipaserver.somedomain.local,ipa-ca.somedomain.local
principal name: HTTP/[email protected]
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
profile: caIPAserviceCert
pre-save command:
post-save command: /usr/libexec/ipa/certmonger/restart_httpd
track: yes
auto-renew: yes
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
