Hi,

On Tue, Mar 12, 2024 at 1:49 PM Omar Pagan via FreeIPA-users <[email protected]> wrote:
> [root @ ldap01]
> $ openssl x509 -noout -text -in /var/lib/ipa/certs/httpd.crt | grep Not
> Not Before: Jan 12 15:30:18 2024 GMT
> Not After : Jan 11 15:30:18 2025 GMT
>

So httpd server cert is still valid.

> also, am I looking at the correct one here?:
> [root @ ldap01]
> $ certutil -L -d /etc/dirsrv/slapd-APP-UAAP-MAXAR-COM/
>
> Certificate Nickname                                         Trust Attributes
>                                                              SSL,S/MIME,JAR/XPI
>
> APP.UAAP.MAXAR.COM IPA CA                                    CT,C,C
>

^^ this one is IPA CA, not the server certificate for LDAP.

> CN=Maxar DS Issuing CA East,DC=DS,DC=Maxar,DC=com            C,,
> CN=Maxar DS Issuing CA West,DC=DS,DC=Maxar,DC=com            C,,
> CN=Maxar Policy CA East,DC=Maxar,DC=com                      C,,
> CN=Maxar Policy CA West,DC=Maxar,DC=com                      C,,
> CN=Maxar Root CA,CN=Maxar,CN=com                             C,,
> CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US u,u,u
>
> [root @ ldap01]
> $ certutil -L -d /etc/dirsrv/slapd-APP-UAAP-MAXAR-COM -n 'APP.UAAP.MAXAR.COM IPA CA' | grep Not
> Not Before: Thu Feb 02 14:06:44 2023
> Not After : Mon Feb 02 14:06:44 2043
>

Based on the nicknames, I would check 'CN=ldap.app.uaap.maxar.com,OU=UAAP,O=Maxar Technologies Inc,L=Herndon,ST=Virginia,C=US' but you can verify the cert name in /etc/dirsrv/slapd-YOURDOMAIN/dse.ldif. The nickname is stored in the entry cn=RSA,cn=encryption,cn=config in the attribute nsSSLPersonalitySSL.

For instance in my server I have:

dn: cn=RSA,cn=encryption,cn=config
cn: RSA
modifiersName: cn=Directory Manager
modifyTimestamp: 20220121155703Z
nsSSLActivation: on
*nsSSLPersonalitySSL: Server-Cert*
nsSSLToken: internal (software)
objectClass: top
objectClass: nsEncryptionModule

HTH,
flo

> --
> _______________________________________________
> FreeIPA-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
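
The lookup described in the reply above, as an added example that is not part of the original thread or of FreeIPA's own tooling: it reads nsSSLPersonalitySSL from the cn=RSA,cn=encryption,cn=config entry of dse.ldif, handling folded LDIF lines, and passes that nickname to certutil. The function names and the sample LDIF are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample dse.ldif (not from the thread); one value is line-folded.
sample_dse_ldif() {
    cat <<'EOF'
dn: cn=encryption,cn=config
nsSSLPersonalitySSL: decoy-outside-rsa-entry

dn: cn=RSA,cn=encryption,cn=config
cn: RSA
nsSSLActivation: on
nsSSLPersonalitySSL: CN=ldap.example.test,OU=Example Unit,O=Exam
 ple Org
nsSSLToken: internal (software)
EOF
}

# Print nsSSLPersonalitySSL from cn=RSA,cn=encryption,cn=config in file $1.
# Returns 1 if absent. Base64 ("::") values are not decoded.
ds_server_cert_nickname() {
    awk '
        function handle(line,    lower) {   # one unfolded logical line
            if (line == "") { in_entry = 0; return }   # blank line ends entry
            lower = tolower(line)
            if (lower ~ /^dn:/) {
                sub(/^dn:[ ]*/, "", lower)
                gsub(/[ ]*,[ ]*/, ",", lower)
                in_entry = (lower == "cn=rsa,cn=encryption,cn=config")
            } else if (in_entry && lower ~ /^nssslpersonalityssl:/) {
                sub(/^[^:]*:[ ]*/, "", line)
                print line
                found = 1
            }
        }
        /^ / { buf = buf substr($0, 2); next }   # LDIF continuation line
        { if (NR > 1) handle(buf); buf = $0 }
        END { handle(buf); exit(found ? 0 : 1) }
    ' "$1"
}

# Show the validity dates of that certificate. $1 = instance directory,
# e.g. /etc/dirsrv/slapd-YOURDOMAIN (needs NSS certutil on the host).
ds_server_cert_dates() {
    nick=$(ds_server_cert_nickname "$1/dse.ldif") || {
        echo "no nsSSLPersonalitySSL in $1/dse.ldif" >&2
        return 1
    }
    certutil -L -d "$1" -n "$nick" | grep 'Not '
}
```

On a server, run `ds_server_cert_dates /etc/dirsrv/slapd-YOURDOMAIN` as a user that can read the instance directory.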
