Hi, Right now cockpit still uses a locally created TLS certificate, that should be changed to a IPA issued certificate. What I understood is that a certificate is for a host (e.g. ipa.example.com), so apache and cockpit should use the same certificate. Is that understanding correct?
So this is what I did: # cp cert8.db key3.db secmod.db pwdfile.txt /tmp/ # cd /tmp # pk12util -o keys.p12 -n 'Server-Cert' -d . -k /etc/httpd/alias/pwdfile.txt # openssl pkcs12 -in keys.p12 -out freeipa.key -nodes -clcerts # cp freeipa.key /etc/cockpit/ws-certs.d/freeipa.cert # systemctl restart cockpit.service Now Cockpit and apache use the same certificate, but the cockpit certificate is not tracked by certmonger. Any idea how that could work? Jochen -- The only problem with troubleshooting is that the trouble shoots back. -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project