Hi,

getcert list
Number of certificates and requests being tracked: 7.
Request ID '20221116023302':
    status: MONITORING
    stuck: no
    key pair storage: type=FILE,location='/var/lib/ipa/ra-agent.key'
    certificate: type=FILE,location='/var/lib/ipa/ra-agent.pem'
    CA: dogtag-ipa-ca-renew-agent
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=IPA RA,O=WINGON.HK
    issued: 2022-11-16 10:33:02 HKT
    expires: 2024-11-05 10:33:02 HKT
    key usage: digitalSignature,keyEncipherment,dataEncipherment
    eku: id-kp-clientAuth
    profile: caSubsystemCert
    pre-save command: /usr/libexec/ipa/certmonger/renew_ra_cert_pre
    post-save command: /usr/libexec/ipa/certmonger/renew_ra_cert
    track: yes
    auto-renew: yes
Request ID '20221116023307':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin set
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=CA Audit,O=WINGON.HK
    issued: 2022-11-16 10:31:47 HKT
    expires: 2024-11-05 10:31:47 HKT
    key usage: digitalSignature,nonRepudiation
    profile: caSignedLogCert
    pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
    post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "auditSigningCert cert-pki-ca"
    track: yes
    auto-renew: yes
Request ID '20221116023309':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin set
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=OCSP Subsystem,O=WINGON.HK
    issued: 2022-11-16 10:31:46 HKT
    expires: 2024-11-05 10:31:46 HKT
    eku: id-kp-OCSPSigning
    profile: caOCSPCert
    pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
    post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "ocspSigningCert cert-pki-ca"
    track: yes
    auto-renew: yes
Request ID '20221116023310':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin set
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=CA Subsystem,O=WINGON.HK
    issued: 2022-11-16 10:31:46 HKT
    expires: 2024-11-05 10:31:46 HKT
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-clientAuth
    profile: caSubsystemCert
    pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
    post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "subsystemCert cert-pki-ca"
    track: yes
    auto-renew: yes
Request ID '20221116023311':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin set
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=Certificate Authority,O=WINGON.HK
    issued: 2022-11-16 10:31:44 HKT
    expires: 2042-11-16 10:31:44 HKT
    key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
    profile: caCACert
    pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
    post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "caSigningCert cert-pki-ca"
    track: yes
    auto-renew: yes
Request ID '20221116023312':
    status: MONITORING
    stuck: no
    key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin set
    certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
    CA: dogtag-ipa-ca-renew-agent
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=wocfreeipa.wingon.hk,O=WINGON.HK
    issued: 2022-11-16 10:31:46 HKT
    expires: 2024-11-05 10:31:46 HKT
    dns: wocfreeipa.wingon.hk
    key usage: digitalSignature,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth
    profile: caServerCert
    pre-save command: /usr/libexec/ipa/certmonger/stop_pkicad
    post-save command: /usr/libexec/ipa/certmonger/renew_ca_cert "Server-Cert cert-pki-ca"
    track: yes
    auto-renew: yes
Request ID '20221116023354':
    status: MONITORING
    stuck: no
    key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key'
    certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
    CA: IPA
    issuer: CN=Certificate Authority,O=WINGON.HK
    subject: CN=wocfreeipa.wingon.hk,O=WINGON.HK
    issued: 2022-11-16 10:33:55 HKT
    expires: 2024-11-16 10:33:55 HKT
    dns: wocfreeipa.wingon.hk
    principal name: krbtgt/wingon...@wingon.hk
    key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
    eku: id-kp-serverAuth,id-pkinit-KPKdc
    profile: KDCs_PKINIT_Certs
    pre-save command:
    post-save command: /usr/libexec/ipa/certmonger/renew_kdc_cert
    track: yes
    auto-renew: yes

ldapsearch -x -o ldif-wrap=no -LLL -s base -h `hostname` -p 389 -b uid=ipara,ou=people,o=ipaca description usercertificate*
dn: uid=ipara,ou=people,o=ipaca
description: 2;7;CN=Certificate Authority,O=WINGON.HK;CN=IPA RA,O=WINGON.HK

openssl x509 -nameopt RFC2253 -noout -subject -serial -issuer -in /var/lib/ipa/ra-agent.pem
subject=CN=IPA RA,O=WINGON.HK
serial=07
issuer=CN=Certificate Authority,O=WINGON.HK

[root@wocfreeipa ~]# certutil -L -d /etc/pki/pki-tomcat/alias/ -n ipaCert
certutil: Could not find cert: ipaCert
: PR_FILE_NOT_FOUND_ERROR: File not found

[root@wocfreeipa ~]# certutil -L -d /etc/pki/pki-tomcat/alias/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

caSigningCert cert-pki-ca                                    CTu,Cu,Cu
ocspSigningCert cert-pki-ca                                  u,u,u
subsystemCert cert-pki-ca                                    u,u,u
auditSigningCert cert-pki-ca                                 u,u,Pu
Server-Cert cert-pki-ca                                      u,u,u
OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US C,,
CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US C,,
NSS Certificate DB:NSS Certificate DB:CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US C,,

I executed the above command as you suggested, unfortunately ipaCert* cannot be found.