Hi, I am in charge for a freeipa 4.1.0.18.el7 server with ldap backend and noticed some expired certificates recently. Most of them but 2 are auto-renewing by certmonger as I checked. All of them are self signed.
"CN=ipa-ca-agent" and "CN=Object Signing Cert" are not subscribed by certmonger, ipa-ca-agent expired some days ago and has not been renewed. Second one expires soon. No consequences noticed so far. Can you tell me what they both are for and - if needed - how I should renew that separately? Preferable with certmonger. An Output how the tracking config should look like would be nice. Thanks a lot. Vitali
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
