Thanks Rob, those too are in MONITORING, though some are duplicated.


[root@ds01 ~]# getcert list
Number of certificates and requests being tracked: 11.
Request ID '20150203033017':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/dirsrv/slapd-ARTERIS-COM',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/dirsrv/slapd-ARTERIS-COM/pwdfile.txt'
certificate: type=NSSDB,location='/etc/dirsrv/slapd-ARTERIS-COM',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=ds01.arteris.com,O=ARTERIS.COM
expires: 2019-01-07 21:02:49 UTC
principal name: ldap/ds01.arteris.com@ARTERIS.COM
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150203033320':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='Server-Cert',token='NSS Certificate DB'
CA: IPA
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=ds01.arteris.com,O=ARTERIS.COM
expires: 2019-01-07 21:04:38 UTC
principal name: HTTP/ds01.arteris.com@ARTERIS.COM
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150203054229':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=CA Audit,O=ARTERIS.COM
expires: 2018-06-15 23:16:43 UTC
key usage: digitalSignature,nonRepudiation
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150203054325':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=OCSP Subsystem,O=ARTERIS.COM
expires: 2018-06-15 23:15:10 UTC
eku: id-kp-OCSPSigning
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150203054400':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/var/lib/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=CA Subsystem,O=ARTERIS.COM
expires: 2018-06-15 23:16:21 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150306102132':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='auditSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=CA Audit,O=ARTERIS.COM
expires: 2018-06-15 23:16:43 UTC
key usage: digitalSignature,nonRepudiation
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150306102133':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='ocspSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=OCSP Subsystem,O=ARTERIS.COM
expires: 2018-06-15 23:15:10 UTC
eku: id-kp-OCSPSigning
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150306102134':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='subsystemCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=CA Subsystem,O=ARTERIS.COM
expires: 2018-06-15 23:16:21 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150306102135':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='caSigningCert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=Certificate Authority,O=ARTERIS.COM
expires: 2037-06-01 12:55:08 UTC
key usage: digitalSignature,nonRepudiation,keyCertSign,cRLSign
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150306102136':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB',pinfile='/etc/httpd/alias/pwdfile.txt'
certificate: type=NSSDB,location='/etc/httpd/alias',nickname='ipaCert',token='NSS Certificate DB'
CA: dogtag-ipa-ca-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=IPA RA,O=ARTERIS.COM
expires: 2018-06-15 23:15:23 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth
pre-save command: 
post-save command: 
track: yes
auto-renew: yes
Request ID '20150306102137':
status: MONITORING
stuck: no
key pair storage: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB',pin='662376931440'
certificate: type=NSSDB,location='/etc/pki/pki-tomcat/alias',nickname='Server-Cert cert-pki-ca',token='NSS Certificate DB'
CA: dogtag-ipa-renew-agent
issuer: CN=Certificate Authority,O=ARTERIS.COM
subject: CN=ds01.arteris.com,O=ARTERIS.COM
expires: 2018-12-16 21:02:44 UTC
key usage: digitalSignature,nonRepudiation,keyEncipherment,dataEncipherment
eku: id-kp-serverAuth,id-kp-clientAuth,id-kp-emailProtection
pre-save command: 
post-save command: 
track: yes
auto-renew: yes


Regards,
Bhavin







From: Rob Crittenden <rcritten@redhat.com>
Sent: Monday, July 24, 2017 11:46 AM
To: FreeIPA users list
Cc: Bhavin Vaidya
Subject: Re: [Freeipa-users] Re: FreeIPA upgrade
 
Bhavin Vaidya via FreeIPA-users wrote:
> Thank you Rob.
>
>
> I have inherited the current setup and, being new, I took some time to
> understand it and then attempt the upgrade.
>
>
> The certificate issue is on our second master, and I am having trouble
> fixing it. I will start a separate thread for that.
>
>
> On ds01, certificates are all in MONITORING status.

This isn't all of them. You need to use getcert list to see all of them.

rob