On 15/01/2016 15:04, Rob Crittenden wrote:
> Discussed in IRC last night but for the sake of history, he needed to add the CAs to the dogtag NSS database in /var/lib/pki/pki-tomcat/alias/ with a trust of C,,.
Yes, I added new root certificates to /etc/pki/pki-tomcat/alias and I was able to start all services.
I've noticed that the ipa-certupdate command removes them and we're back to square one. Why is it doing this? Which database is it retrieving certificates from?
I've re-run ipa-certupdate in verbose mode and I could see that it removes all certificates in different databases (/etc/httpd/alias, /etc/pki/nssdb, /etc/pki/pki-tomcat/alias) and then re-adds them (apart from /etc/pki/pki-tomcat/alias).
Also, what is the correct process for renewing a 3rd party certificate? Will it be pushed automatically to all servers/clients? I don't want to be in trouble when it comes to renewing it.
Thanks.

--
Kind regards,
Peter Pakos
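
One way to spot the state described in this thread, where CAs trusted with C,, exist in one NSS database but are missing from another after ipa-certupdate, is to compare `certutil -L` listings. This is an added example, not code from the thread or from FreeIPA; the function names are hypothetical and the sample listings and nicknames are constructed.

```shell
#!/bin/sh
# Added example: list CA nicknames that carry SSL trust flag "C" in a
# reference NSS database listing but are absent (or untrusted) in another.

# ssl_cas: read a `certutil -L` listing on stdin and print, sorted, the
# nicknames whose first (SSL) trust field contains "C".
ssl_cas() {
    awk '
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            split($NF, t, ",")
            if (t[1] !~ /C/) next                  # not a trusted CA for SSL
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # drop the trust column
            sub(/^[ \t]+/, "", nick)
            print nick
        }' | sort
}

# missing_cas REF_LISTING TARGET_LISTING: trusted CAs in REF not in TARGET.
missing_cas() {
    ref=$(mktemp); tgt=$(mktemp)
    printf '%s\n' "$1" | ssl_cas > "$ref"
    printf '%s\n' "$2" | ssl_cas > "$tgt"
    comm -23 "$ref" "$tgt"
    rm -f "$ref" "$tgt"
}

# Constructed sample listings in the layout printed by `certutil -L`.
HTTPD_SAMPLE='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Constructed Root CA                                          C,,
Constructed Intermediate CA                                  C,,
Server-Cert                                                  u,u,u
'
TOMCAT_SAMPLE='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Constructed Root CA                                          C,,
Server-Cert                                                  u,u,u
'

# On a real server (paths as named in the thread):
#   missing_cas "$(certutil -L -d /etc/httpd/alias)" \
#               "$(certutil -L -d /etc/pki/pki-tomcat/alias)"
missing_cas "$HTTPD_SAMPLE" "$TOMCAT_SAMPLE"
```

Running the comparison before and after ipa-certupdate shows which nicknames were dropped from the second database.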