I am in charge for a freeipa server with ldap backend and noticed 
some expired certificates recently. Most of them but 2 are auto-renewing by 
certmonger as I checked. All of them are self signed.

"CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by 
certmonger, ipa-ca-agent expired some days ago and has not been renewed. Second 
one expires soon. No consequences noticed so far.

Can you tell me what they both are for and - if needed - how I should renew 
that separately? Preferable with certmonger. An Output how the tracking config 
should look like would be nice.
Thanks a lot.  Vitali
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to