I am in charge for a freeipa 18.104.22.168.el7 server with ldap backend and noticed
some expired certificates recently. Most of them but 2 are auto-renewing by
certmonger as I checked. All of them are self signed.
"CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by
certmonger, ipa-ca-agent expired some days ago and has not been renewed. Second
one expires soon. No consequences noticed so far.
Can you tell me what they both are for and - if needed - how I should renew
that separately? Preferable with certmonger. An Output how the tracking config
should look like would be nice.
Thanks a lot. Vitali
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project