subject:"\[Freeipa\-users\] Certificate renewal \- not the CA though"

Re: [Freeipa-users] Certificate renewal - not the CA though

2016-11-10 Thread Rob Crittenden

Graham Johnston wrote:
> Hi,
> 
>  
> 
> We are just about to come up on two years of having our freeipa instance
> in place. We are running version 4.2 on CentOS 7.2. We are using the
> internal/default CA configuration from the install.
> 
>  
> 
> Our monitoring system just notified me that the server certificate used
> when accessing the admin web portal will expire in December. I cant
> seem to find information about whether this cert just auto renews in the
> background somehow or not. I can see lots of information about CA
> renewal but as my CA is not set to expire until 2022 Im not worried
> about that. 

The CA has a number of subsystems that also have certificates that will
likely be expiring in December as well. Run getcert list to see them all.

> Can someone put my mind at ease, or point me to the documentation I
> cant seem to find.

certmonger _should_ renew them automatically for you. To force a renewal
attempt the easiest thing to do is to restart the certmonger process. It
may be close enough to renewal time that it'll just go ahead and try.
Watch the status in getcert list.

rob

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

[Freeipa-users] Certificate renewal - not the CA though

2016-11-10 Thread Graham Johnston

Hi,

We are just about to come up on two years of having our freeipa instance in 
place. We are running version 4.2 on CentOS 7.2. We are using the 
internal/default CA configuration from the install.

Our monitoring system just notified me that the server certificate used when 
accessing the admin web portal will expire in December. I can't seem to find 
information about whether this cert just auto renews in the background somehow 
or not. I can see lots of information about CA renewal but as my CA is not set 
to expire until 2022 I'm not worried about that.

Can someone put my mind at ease, or point me to the documentation I can't seem 
to find.

Thanks,
Graham Johnston
Network Planner
Westman Communications Group
204.717.2829
johnst...@westmancom.com
P think green; don't print this email.

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Re: [Freeipa-users] Certificate renewal - not the CA though

[Freeipa-users] Certificate renewal - not the CA though

2 matches

Site Navigation

Mail list logo

Footer information