[Freeipa-users] Certificate renewal - not the CA though
Rob Crittenden
rcritten at redhat.com
Thu Nov 10 16:29:20 UTC 2016
Graham Johnston wrote:
> Hi,
>
>
>
> We are just about to come up on two years of having our freeipa instance
> in place. We are running version 4.2 on CentOS 7.2. We are using the
> internal/default CA configuration from the install.
>
>
>
> Our monitoring system just notified me that the server certificate used
> when accessing the admin web portal will expire in December. I can’t
> seem to find information about whether this cert just auto renews in the
> background somehow or not. I can see lots of information about CA
> renewal but as my CA is not set to expire until 2022 I’m not worried
> about that.
The CA has a number of subsystems that also have certificates that will
likely be expiring in December as well. Run getcert list to see them all.
> Can someone put my mind at ease, or point me to the documentation I
> can’t seem to find.
certmonger _should_ renew them automatically for you. To force a renewal
attempt the easiest thing to do is to restart the certmonger process. It
may be close enough to renewal time that it'll just go ahead and try.
Watch the status in getcert list.
rob
More information about the Freeipa-users
mailing list