[Freeipa-devel] CA-less installs: passive certmonger - watch-and-warn mode

[Petr Spacek]

Hi,

our docs

https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-determine-ca

claim this:
"The certmonger service is not used to track certificates. Therefore, it does
not warn you of impending certificate expiration."

Is this correct?

Can we at least configure certmonger to passively track the certificates and
throw warning about impending expiration into logs?

-- 
Petr^2 Spacek