On 15/01/2016 15:04, Rob Crittenden wrote:
Discussed in IRC last night but for the sake of history, he needed to
add the CA's to the dogtag NSS database in
/var/lib/pki/pki-tomcat/alias/ with a trust of C,,.
Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I
was able to start all services.
I've noticed that ipa-certupdate command removes them and we're back to
square one. Why is it doing this? Which database is it retrieving
I've re-run ipa-certupdate in verbose mode and I could see that it
removes all certificates in different databases (/etc/httpd/alias,
/etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart
Also, what is the correct process for renewing 3rd party certificate?
Will it be pushed automatically to all servers/clients? I don't want to
be in trouble when it comes to renewing it.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project