Thanks flo, I just need to verify a few things before i perform the steps again. Do you think these certs were renewed by dogtag-ipa-ca-renew-agent ? because when i typed the command getcerl list . it returned nothing. Therefore I had to manually set tracking on them. with the following command
getcert start-tracking -d /etc/pki/pki-tomcat/alias -n "auditSigningCert cert-pki-ca" -c IPA -P <<internal PIN>> -B /usr/libexec/ipa/certmonger/stop_pkicad -C '/usr/libexec/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"'. With dogtag CA it gave me the following output [root@hq-idm-lxd-01 ~]# getcert start-tracking -d /etc/pki/pki-tomcat/alias -n "auditSigningCert cert-pki-ca" -c dogtag-ipa-ca-renew-agent -P 952444944888 -B /usr/libexec/ipa/certmonger/stop_pkicad -C '/usr/libexec/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"' No CA with name "dogtag-ipa-ca-renew-agent" found. Thanks ZS Thank you _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
