Johannes Beichter via FreeIPA-users wrote: > Here is the info. `ipa-getcert list` says there are 9 certificates, but only > shows 3?
ipa-getcert only shows certificates issued via the IPA API. The other certificates are issued directly from the CA. getcert list will show all of them. Try the solution in this thread: https://lists.fedoraproject.org/archives/list/[email protected]/message/SFYCYKLZCTC5F3QHPPXWA6TDF5OYRACY/ rob > > [admin@ipaserver ~]$ ipa --version > VERSION: 4.9.6, API_VERSION: 2.245 > > [admin@ipaserver ~]$ cat /etc/os-release > NAME="Rocky Linux" > VERSION="8.5 (Green Obsidian)" > ... > > [admin@ipaserver ~]$ ipa cert-show 1 > ipa: ERROR: Zertifikat-Operation kann nicht abgeschlossen werden: Request > failed with status 403: Non-2xx response from CA REST API: 403. (403) > > [admin@ipaserver ~]$ sudo ipa-getcert list -v > Number of certificates and requests being tracked: 9. > Request ID '20191231135138': > status: MONITORING > stuck: no > key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key' > certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt' > CA: IPA > issuer: CN=Certificate Authority,O=SOMEDOMAIN.LOCAL > subject: CN=ipaserver.somedomain.local,O=SOMEDOMAIN.LOCAL > expires: 2023-12-04 14:51:45 CET > principal name: krbtgt/[email protected] > key usage: > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment > eku: id-kp-serverAuth,id-pkinit-KPKdc > profile: KDCs_PKINIT_Certs > pre-save command: > post-save command: /usr/libexec/ipa/certmonger/renew_kdc_cert > track: yes > auto-renew: yes > Request ID '20210501153310': > status: MONITORING > stuck: no > key pair storage: > type=NSSDB,location='/etc/dirsrv/slapd-SOMEDOMAIN-LOCAL',nickname='Server-Cert',token='NSS > Certificate DB',pinfile='/etc/dirsrv/slapd-SOMEDOMAIN-LOCAL/pwdfile.txt' > certificate: > type=NSSDB,location='/etc/dirsrv/slapd-SOMEDOMAIN-LOCAL',nickname='Server-Cert',token='NSS > Certificate DB' > CA: IPA > issuer: CN=Certificate Authority,O=SOMEDOMAIN.LOCAL > subject: CN=ipaserver.somedomain.local,O=SOMEDOMAIN.LOCAL > expires: 2023-12-04 14:51:01 CET > dns: ipaserver.somedomain.local > principal name: ldap/[email protected] > key usage: > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment > eku: id-kp-serverAuth,id-kp-clientAuth > profile: caIPAserviceCert > pre-save command: > post-save command: /usr/libexec/ipa/certmonger/restart_dirsrv > SOMEDOMAIN-LOCAL > track: yes > auto-renew: yes > Request ID '20210501153311': > status: MONITORING > stuck: no > key pair storage: > type=FILE,location='/var/lib/ipa/private/httpd.key',pinfile='/var/lib/ipa/passwds/ipaserver.somedomain.local-443-RSA' > certificate: type=FILE,location='/var/lib/ipa/certs/httpd.crt' > CA: IPA > issuer: CN=Certificate Authority,O=SOMEDOMAIN.LOCAL > subject: CN=ipaserver.somedomain.local,O=SOMEDOMAIN.LOCAL > expires: 2023-12-19 23:40:06 CET > dns: ipaserver.somedomain.local,ipa-ca.somedomain.local > principal name: HTTP/[email protected] > key usage: > digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment > eku: id-kp-serverAuth,id-kp-clientAuth > profile: caIPAserviceCert > pre-save command: > post-save command: /usr/libexec/ipa/certmonger/restart_httpd > track: yes > auto-renew: yes > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam on the list, report it: > https://pagure.io/fedora-infrastructure > _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
