[Freeipa-users] regenerate certificate
Florence Blanc-Renaud
flo at redhat.com
Thu Jul 21 07:00:42 UTC 2016
On 07/20/2016 10:04 PM, mohammad sereshki wrote:
> hi
> I check my IPA server which is version ipa-server-3.0.0-25 , command
> "ipa-get-cert list" show, my certificate will be expired in next 20 days,
> I do not know how to regenerate them
> but command "getcert list" shows epirtion certificates are related just
> to "CA:IPA" and certificate " CA: dogtag-ipa-renew-agent" , has enough
> time .
> would you please help me to know how to regenerate CA:IPA certificates?
>
> Best Regards
>
>
>
Hi Mohammad,
the certificates issued by IPA CA are normally tracked by certmonger and
automatically renewed when they are near their expiration date. To make
sure that your certificates are tracked, you can issue
$ ipa-getcert list
and check the "status:" field for each certificate. It should display
"MONITORING".
If you want to manually renew them, you must note their request ID and
use the command
$ ipa-getcert resubmit -i $REQUEST_ID
Hope this helps,
Flo.
More information about the Freeipa-users
mailing list