On 15/01/2016 15:04, Rob Crittenden wrote:
> Discussed in IRC last night but for the sake of history, he needed to
> add the CAs to the dogtag NSS database in
> /var/lib/pki/pki-tomcat/alias/ with a trust of C,,.

Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I was able to start all services.

I've noticed that ipa-certupdate command removes them and we're back to square one. Why is it doing this? Which database is it retrieving certificates from?

I've re-run ipa-certupdate in verbose mode and I could see that it removes all certificates in different databases (/etc/httpd/alias, /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart from /etc/pki/pki-tomcat/alias).

Also, what is the correct process for renewing a 3rd party certificate? Will it be pushed automatically to all servers/clients? I don't want to be in trouble when it comes to renewing it.

Thanks.

--
Kind regards,
 Peter Pakos
