On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein <jochen(a)jochen.org> wrote:
Yeah, but I'm not exactly reassured by choosing on of the many plugins out
there- or running them all. It would be great to push for an official check.
I'm might be willing to help, but I'd need documentation about what (and
how) to check, but that's basically 90% of the work. I would propose
assimilating the best-looking plugin out there and expanding it every time
sometime reports some broken thing that needs proactive fixing.
Any way we can help this happen?
Right now we had some problems with certificates not/halfway renewing,
so some tool to check LDAP against the different cert-stores might
be
helpful.
$ ipa cert-find --validnotafter-to=$(date --date="3 years"
+"%Y-%m-%d")
Actually changing "3 years" to something inferior to the margin FreeIPA
starts renewing certificates should warn you that something is amiss.
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_)
http://alex.corcoles.net/