On Tue, Mar 06, 2018 at 10:57:16AM +1000, Fraser Tweedale via FreeIPA-users wrote:
On Mon, Mar 05, 2018 at 04:57:52PM -0000, John Seekins via
FreeIPA-users wrote:
> Manually installing the cert at /etc/ipa/ca.cert and restarting
> Apache fixes the error, but it seems like whenever a cert renewal
> happens, I'll have to manually update it again. Which seems
> brittle.
The ipa-certupdate(1) command will update all relevant certificate
trust databases including /etc/ipa/ca.crt.
That said, it should have happened automatically on the master where
the CA was installed. I'll confirm; maybe there is a ticket to file
here.
Aha, this was fixed in v4.6.2.
Ticket:
https://pagure.io/freeipa/issue/6577
Commit: cd4d9cc46d7d4b3bb9ed7a69976b0986b083abfa
Cheers,
Fraser
> Thanks for the query/feedback.
>
> Cheers,
> Fraser
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org