This is a follow-up to #4280. We now start tracking certificates via the certmonger DBUS API; however, we do not set the CA to be IPA for the selected certificates, and these certificates are then not shown in ipa-getcert lists:
# ipa-getcert list
Number of certificates and requests being tracked: 8.
With FreeIPA 3.3.3 I get:
# ipa-getcert list
Number of certificates and requests being tracked: 7.
Request ID '20140925071112':
	status: MONITORING
	stuck: no
	key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM/pwdfile.txt'
	certificate: type=NSSDB,location='/etc/dirsrv/slapd-IDM-LAB-BOS-REDHAT-COM',nickname='Server-Cert',token='NSS Certificate DB'
	CA: IPA
	issuer: CN=Certificate Authority,O=IDM.LAB.BOS.REDHAT.COM
	subject: CN=vm-067.idm.lab.bos.redhat.com,O=IDM.LAB.BOS.REDHAT.COM
	expires: 2016-09-25 07:11:11 UTC
	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
	eku: id-kp-serverAuth,id-kp-clientAuth
	pre-save command:
	post-save command: /usr/lib64/ipa/certmonger/restart_dirsrv IDM-LAB-BOS-REDHAT-COM
	track: yes
	auto-renew: yes
Request ID '20140925071516':
	status: MONITORING
	stuck: no
	key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
	certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
	CA: IPA
	issuer: CN=Certificate Authority,O=IDM.LAB.BOS.REDHAT.COM
	subject: CN=vm-067.idm.lab.bos.redhat.com,O=IDM.LAB.BOS.REDHAT.COM
	expires: 2016-09-25 07:15:15 UTC
	key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
	eku: id-kp-serverAuth,id-kp-clientAuth
	pre-save command:
	post-save command: /usr/lib64/ipa/certmonger/restart_httpd
	track: yes
	auto-renew: yes
The difference is in the CA: IPA field setting.
attachment freeipa-dkupka-0020-Set-IPA-CA-for-freeipa-certificates.patch
attachment freeipa-dkupka-0020-2-Set-IPA-CA-for-freeipa-certificates.patch
master:
ipa-4-1:
ipa-4-0:
Metadata Update from @mkosek: - Issue assigned to dkupka - Issue set to the milestone: FreeIPA 4.0.4
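A check for the symptom described in this ticket, as an added example that is not part of the ticket or of the attached patches: it parses a listing in the "Request ID" plus indented-field layout quoted above and reports tracked requests whose CA field is not IPA. The sample listing, its host names and the function names are constructed, and the way a request without an assigned CA appears (here, a missing CA line) is an assumption.

```python
import re

# Constructed sample in the layout of the listing quoted in the ticket; the
# second request has no CA field, which is an assumption about how a request
# that was never assigned to the IPA CA would appear.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID '20140925071112':
\tstatus: MONITORING
\tstuck: no
\tcertificate: type=NSSDB,location='/etc/dirsrv/slapd-EXAMPLE-TEST',nickname='Server-Cert',token='NSS Certificate DB'
\tCA: IPA
\tsubject: CN=host.example.test,O=EXAMPLE.TEST
\texpires: 2016-09-25 07:11:11 UTC
\ttrack: yes
Request ID '20140925071516':
\tstatus: MONITORING
\tstuck: no
\tcertificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
\tsubject: CN=host.example.test,O=EXAMPLE.TEST
\ttrack: yes
"""

REQUEST_RE = re.compile(r"^Request ID '([^']+)':\s*$")
FIELD_RE = re.compile(r"^\s+([^:]+):\s?(.*)$")  # split on the first colon only

def parse_requests(text):
    """Return {request_id: {field: value}} from a getcert-style listing."""
    requests, current = {}, None
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if m:
            current = requests.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    return requests

def not_assigned_to(text, ca="IPA"):
    """Request IDs whose CA field is missing or differs from `ca`."""
    return sorted(rid for rid, f in parse_requests(text).items()
                  if f.get("CA") != ca)

if __name__ == "__main__":
    for rid in not_assigned_to(SAMPLE):
        print("request %s is tracked but not assigned to the IPA CA" % rid)
```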