By the way, revoking the certificate does not block applications using it
from LDAP.

I can still access the LDAP server using this cert/key pair *after*
revoking the certificate using ipa cert-revoke <serialnr>. In order to
block it I need to remove the seeAlso value of the user account, or the
certificate attribute.

I do not know if this is a security issue, but maybe worthwhile documenting
just in case.