[Freeipa-devel] CA-less installs: passive certmonger - watch-and-warn mode
Rob Crittenden
rcritten at redhat.com
Fri Jul 8 13:31:45 UTC 2016
Petr Spacek wrote:
> Hi,
>
> our docs
>
> https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/install-server.html#install-determine-ca
>
> claim this:
> "The certmonger service is not used to track certificates. Therefore, it does
> not warn you of impending certificate expiration."
>
> Is this correct?
>
> Can we at least configure certmonger to passively track the certificates and
> throw warning about impending expiration into logs?
>
Throw a warning where? Register an e-mail address as part of the
tracking perhaps?
It would probably be fairly easy to write a "CA" that sends an e-mail.
The trick, and this has always tripped us up, is having an MTA configured.
rob
More information about the Freeipa-devel
mailing list