I see the replica listed under services idm's web-ui. It appears as "
HTTP/replica@DOMAIN". Is this normal ? I'm not sure if it's being tracked
for auto-renewal or if it was issued as a one time cert during setup. What
would be the steps to fix this ?
On Wed, May 24, 2017 at 12:00 AM, Alexander Bo
On ti, 23 touko 2017, Prasun Gera via FreeIPA-users wrote:
I posted this in the earlier thread, but didn't get a response. I was able
to fix this on the master, but "getcert list -d /etc/httpd/alias -n
"Server-Cert" on the replica doesn't return anything. Are the replica's SSL
certs handled diffe
ay, May 23, 2017 4:09:14 PM
Subject: Re: [Freeipa-users] Re: Chrome 58 - CN for IPA management console to
include SANs
I posted this in the earlier thread, but didn't get a response. I was able to
fix this on the master, but " getcert list -d /etc/httpd/alias -n "Server-Cert
&q
I posted this in the earlier thread, but didn't get a response. I was able
to fix this on the master, but "getcert list -d /etc/httpd/alias -n
"Server-Cert" on the replica doesn't return anything. Are the replica's SSL
certs handled differently ?
On Tue, May 23, 2017 at 3:08 PM, Alexander Bokovoy
On ti, 23 touko 2017, Jake via FreeIPA-users wrote:
Worked! Thanks!
I Suppose there isn't a way to get the output of getcert as
JSON/object? I would prefer to do this with ansible =)
Not directly. You may want to explore D-Bus interface provided by
certmonger.
Also, "sudo systemctl restart h
Jake via FreeIPA-users wrote:
> Worked! Thanks!
>
> I Suppose there isn't a way to get the output of getcert as JSON/object? I
> would prefer to do this with ansible =)
Not at the moment, just human-readable. You could file an RFE on the
certmonger pagure site.
>
> Also, "sudo systemctl restar
Worked! Thanks!
I Suppose there isn't a way to get the output of getcert as JSON/object? I
would prefer to do this with ansible =)
Also, "sudo systemctl restart httpd" post renewal (looks like the hooks aren't
configured for the cert renewal to restart dependent services.)
- Original Messa
On ti, 23 touko 2017, Jake via FreeIPA-users wrote:
Hey All,
I think this is fixed in 4.4.2 but since we use centos upstream we are
limited to 4.4.0, is there a way to manually re-issue the SSL
Certificates used for apache on the IPA masters for the web interface
to include the DNS Names as Subje
+1
W dniu wt., 23.05.2017 o 19:47 Jake via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> napisaĆ(a):
> Hey All,
> I think this is fixed in 4.4.2 but since we use centos upstream we are
> limited to 4.4.0, is there a way to manually re-issue the SSL Certificates
> used for apache on the IPA