8:09 p.m.
On Fri, Jun 14, 2019 at 02:46:56PM +0000, Remco Kranenburg via FreeIPA-users wrote:
Hi all,
We noticed that we have a duplicate tracking request for a certificate.
Is this normal, or can we remove one of them? We suspect that this
happened because we migrated our systems to another provider and we
made a mistake with FreeIPA.
The tracking requests as reported by getcert:
Request ID '20170801134610':
status: MONITORING
stuck: no
key pair storage:
type=FILE,location='/etc/ssl/private/ipa_host.key'
certificate: type=FILE,location='/etc/ssl/certs/ipa_host.crt'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipa.example.com,O=EXAMPLE.COM
expires: 2021-01-07 15:03:30 UTC
dns: ipa.example.com
principal name: host/ipa.example.com(a)EXAMPLE.COM
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
Request ID '20190107150328':
status: MONITORING
stuck: no
key pair storage:
type=FILE,location='/etc/ssl/private/ipa_host.key'
certificate: type=FILE,location='/etc/ssl/certs/ipa_host.crt'
CA: IPA
issuer: CN=Certificate Authority,O=EXAMPLE.COM
subject: CN=ipa.example.com,O=EXAMPLE.COM
expires: 2021-01-07 15:03:30 UTC
dns: ipa.example.com
principal name: host/ipa.example.com(a)EXAMPLE.COM
key usage:
digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command:
post-save command:
track: yes
auto-renew: yes
It is safe to remove one via 'getcert stop-tracking -i <ID>'.
Cheers,
Fraser