On Thu, Oct 9, 2014 at 2:33 PM, Natxo Asenjo <natxo.ase...@gmail.com> wrote:
> hi,
>
> if during the enrollment of a host a host certificate is created, then
> this will be a nssdb type certificate.
>
> However, lots of applications use file certificates and we can very
> easily create one of those (even using configuration management
> tools):
>
> /usr/bin/ipa-getcert request -r -f /etc/pki/tls/certs/`hostname --fqdn`.crt -k /etc/pki/tls/private/`hostname --fqdn`.key
>
> getcert list will see both, but in the ipa web interface in the host
> information only the last one will be shown.

Well, replying to myself, the attribute userCertificate appears to be
single valued. So that must be why.

So what happens with the other certificate in the nssdb directory? Can
I just stop tracking it locally? Or do I have to stop tracking it
because it will try to auto renew when it expires, and that will block
the file certificate?

Tips welcome!

-- 
groet,
natxo
