Hi,

Right now cockpit still uses a locally created TLS certificate, that
should be changed to a IPA issued certificate.  What I understood is
that a certificate is for a host (e.g. ipa.example.com), so apache and
cockpit should use the same certificate. Is that understanding correct?

So this is what I did:

# cp cert8.db key3.db secmod.db pwdfile.txt /tmp/
# cd /tmp
# pk12util -o keys.p12 -n 'Server-Cert' -d . -k /etc/httpd/alias/pwdfile.txt
# openssl pkcs12 -in keys.p12 -out freeipa.key -nodes -clcerts
# cp freeipa.key /etc/cockpit/ws-certs.d/freeipa.cert
# systemctl restart cockpit.service

Now Cockpit and apache use the same certificate, but the cockpit
certificate is not tracked by certmonger.  Any idea how that could
work?

Jochen

-- 
The only problem with troubleshooting is that the trouble shoots back.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to