[Freeipa-users] kdc certificate web interface expiration warning
Natxo Asenjo
natxo.asenjo at gmail.com
Thu Oct 9 12:06:01 UTC 2014
On Thu, Oct 9, 2014 at 8:42 AM, Natxo Asenjo <natxo.asenjo at gmail.com> wrote:
>
> hi,
>
> today our monitoring system started warning us that the web ui certificate for our first kdc will expire in 30 days.
>
> I have checked manually with this command:
>
> $ sudo getcert list |grep auto-renew auto-renew: yes
> auto-renew: yes
> auto-renew: yes
> auto-renew: yes
> auto-renew: yes
> auto-renew: yes
> auto-renew: yes
> auto-renew: yes
>
> So it should all be fine, right? Just checking..., I will probably not be at the office in 30 days so I just want to make sure things will keep working here.
from http://www.freeipa.org/page/Certmonger:
The expiration date is UTC. By default certmonger will start trying to
renew the certificate 28 days before it expires.
| Or is there a way to manually renew those certs?
http://www.freeipa.org/page/Certmonger#Manually_renew_a_certificate
Manually renew a certificate
If you want to manually renew a certificate prior to its expiration date, run:
# ipa-getcert resubmit -i REQUEST_ID
so I will just wait 2 days and see if it has automatically renewed;
otherwise renew it.
I must say that certmonger is an awesome piece of work.
--
Groeten,
natxo
More information about the Freeipa-users
mailing list