[Freeipa-users] Cockpit Integration part II - SSL certificates
Jochen Hein
jochen at jochen.org
Sun Dec 27 16:43:32 UTC 2015
Hi,
Right now cockpit still uses a locally created TLS certificate, that
should be changed to a IPA issued certificate. What I understood is
that a certificate is for a host (e.g. ipa.example.com), so apache and
cockpit should use the same certificate. Is that understanding correct?
So this is what I did:
# cp cert8.db key3.db secmod.db pwdfile.txt /tmp/
# cd /tmp
# pk12util -o keys.p12 -n 'Server-Cert' -d . -k /etc/httpd/alias/pwdfile.txt
# openssl pkcs12 -in keys.p12 -out freeipa.key -nodes -clcerts
# cp freeipa.key /etc/cockpit/ws-certs.d/freeipa.cert
# systemctl restart cockpit.service
Now Cockpit and apache use the same certificate, but the cockpit
certificate is not tracked by certmonger. Any idea how that could
work?
Jochen
--
The only problem with troubleshooting is that the trouble shoots back.
More information about the Freeipa-users
mailing list