Hello all,

I'd to verify with you if certmonger.service should be enabled by default after IPA client installation or not. If I remember correctly, it used to start by on CentOS6, IPA client ~3.0.0, after ipa-client installation and reboots.

The thing is, for first time usage and subsequent certificate renewal one needs to start and enable certmonger.service in systemd, right? Otherwise all ipa-getcert commands just return error about certmonger not running. I mean, is this desired and default behavior?

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/setting-up-clients.html actually claims: 'Enable certmonger, retrieve an SSL server certificate, and install the certificate in /etc/pki/nssdb.' so one or the other is wrong...

I'm using:

CentOS Linux release 7.1.1503 (Core)

certmonger-0.75.14-3.el7.x86_64
ipa-client-4.1.0-18.el7.centos.4.x86_64
ipa-python-4.1.0-18.el7.centos.4.x86_64
libipa_hbac-1.12.2-58.el7_1.17.x86_64
libipa_hbac-python-1.12.2-58.el7_1.17.x86_64
python-iniparse-0.4-9.el7.noarch
python-ipaddr-2.1.9-5.el7.noarch
sssd-ipa-1.12.2-58.el7_1.17.x86_64

I've tried to search for this on both CentOS and RHEL BugZilla, and FreeIPA trac, and Google, but I couldn't find any bug or discussion. Sorry if this duplicate.


Thank you.

Martin

--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to