Martin Štefany wrote:
> Hello all,
> I'd to verify with you if certmonger.service should be enabled by
> default after IPA client installation or not. If I remember correctly,
> it used to start by on CentOS6, IPA client ~3.0.0, after ipa-client
> installation and reboots.
> The thing is, for first time usage and subsequent certificate renewal
> one needs to start and enable certmonger.service in systemd, right?
> Otherwise all ipa-getcert commands just return error about certmonger
> not running. I mean, is this desired and default behavior?
> actually claims: 'Enable certmonger, retrieve an SSL server certificate,
> and install the certificate in /etc/pki/nssdb.' so one or the other is
> wrong...
> I'm using:
> CentOS Linux release 7.1.1503 (Core)
> certmonger-0.75.14-3.el7.x86_64
> ipa-client-4.1.0-18.el7.centos.4.x86_64
> ipa-python-4.1.0-18.el7.centos.4.x86_64
> libipa_hbac-1.12.2-58.el7_1.17.x86_64
> libipa_hbac-python-1.12.2-58.el7_1.17.x86_64
> python-iniparse-0.4-9.el7.noarch
> python-ipaddr-2.1.9-5.el7.noarch
> sssd-ipa-1.12.2-58.el7_1.17.x86_64
> I've tried to search for this on both CentOS and RHEL BugZilla, and
> FreeIPA trac, and Google, but I couldn't find any bug or discussion.
> Sorry if this duplicate.

As of IPA 4.0.0 the client no longer always gets a host certificate so
certmonger isn't started.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to