Right now cockpit still uses a locally created TLS certificate, that
should be changed to a IPA issued certificate.  What I understood is
that a certificate is for a host (e.g. ipa.example.com), so apache and
cockpit should use the same certificate. Is that understanding correct?

So this is what I did:

# cp cert8.db key3.db secmod.db pwdfile.txt /tmp/
# cd /tmp
# pk12util -o keys.p12 -n 'Server-Cert' -d . -k /etc/httpd/alias/pwdfile.txt
# openssl pkcs12 -in keys.p12 -out freeipa.key -nodes -clcerts
# cp freeipa.key /etc/cockpit/ws-certs.d/freeipa.cert
# systemctl restart cockpit.service

Now Cockpit and apache use the same certificate, but the cockpit
certificate is not tracked by certmonger.  Any idea how that could


The only problem with troubleshooting is that the trouble shoots back.

Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to