MachinePrivateCertWithEL7: Difference between revisions
(Created page with "== What do I mean by "machine private certificate" ? == == Why would I still need a machine certificate ? == == What has changed with EL7 == With EL7 comes the new ipa client...") |
No edit summary |
||
Line 1: | Line 1: | ||
== What has changed with EL7 == | == What has changed with EL7 == | ||
With EL7 comes the new ipa client tools release 4, that brings the following changes : | With EL7 comes the new ipa client tools release 4, that brings the following changes : | ||
* the path of nssdb is /etc/ipa/nssdb (and not /etc/pki/nssdb); | * the path of nssdb is /etc/ipa/nssdb (and not /etc/pki/nssdb); | ||
* unless explicitly asked for, the certificate generation and installation is not done anymore | * unless explicitly asked for, the certificate generation and installation is not done anymore. | ||
== Enrollment == | |||
Don't forget to add the '--request-cert' option in the 'ipa-client-install' command, otherwise certificate won't be generated. | |||
== How to retrieve the cert and the key == | |||
* To retrieve the hostcert : | |||
<pre> | |||
certutil -L -d /etc/ipa/nssdb/ -a -n 'Local IPA host' | |||
</pre> |
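Review bot: The added section "How to retrieve the cert and the key" only documents the certificate: the single certutil -L command exports the host cert, and nothing in the added lines covers the key. Either add the key retrieval step or retitle the section so readers do not assume the command also yields the key. The Enrollment paragraph would also benefit from showing the full 'ipa-client-install' invocation with '--request-cert' in a pre block, as is done for certutil.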
Revision as of 12:26, 1 March 2017
What has changed with EL7
EL7 ships release 4 of the IPA client tools, which brings the following changes:
- the path of the nssdb is /etc/ipa/nssdb (and not /etc/pki/nssdb);
- unless explicitly requested, the certificate is no longer generated and installed.
Enrollment
Don't forget to add the '--request-cert' option to the 'ipa-client-install' command, otherwise the certificate won't be generated.
How to retrieve the cert and the key
- To retrieve the host certificate:
certutil -L -d /etc/ipa/nssdb/ -a -n 'Local IPA host'
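As an added example (not part of the original wiki page), the script below wraps the certutil command above so that a missing certificate, typically an enrollment done without '--request-cert', is reported instead of leaving an empty file. The function names, the output file name and the fallback to /etc/pki/nssdb for pre-EL7 clients are assumptions.

```shell
#!/bin/sh
# Added example: export the IPA host certificate as PEM, with basic checks.
# NICK is the nickname used on this page; everything else is illustrative.
NICK='Local IPA host'

# Print the first NSS database directory that exists.
# $1 is an optional root prefix (assumption, used for testing/chroots).
find_nssdb() {
    root="${1:-}"
    # EL7 path first, then the pre-EL7 location mentioned on the page.
    for d in /etc/ipa/nssdb /etc/pki/nssdb; do
        if [ -d "$root$d" ]; then
            printf '%s\n' "$root$d"
            return 0
        fi
    done
    return 1
}

# Export the host certificate from NSS database $1 into file $2.
# Returns 2 if certutil fails (nickname absent), 3 if output is not PEM.
export_hostcert() {
    db="$1"
    out="$2"
    pem=$(certutil -L -d "$db" -a -n "$NICK" 2>/dev/null) || {
        echo "no '$NICK' certificate in $db;" \
             "was ipa-client-install run with --request-cert?" >&2
        return 2
    }
    case "$pem" in
        "-----BEGIN CERTIFICATE-----"*) ;;
        *) echo "unexpected certutil output for '$NICK'" >&2; return 3 ;;
    esac
    # Only write the file once the output has been validated.
    printf '%s\n' "$pem" > "$out"
}

# Usage: sh export-hostcert.sh --export [output.pem]
if [ "${1:-}" = "--export" ]; then
    db=$(find_nssdb) || { echo "no NSS database found" >&2; exit 1; }
    export_hostcert "$db" "${2:-hostcert.pem}"
fi
```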