On 11/17/20 3:56 PM, Harald Dunkel via FreeIPA-users wrote:
Hi folks,
how can I list the expiration dates of the ca certificate chain, before
it is too late? External ca.
Regards
Harri
Hi,
the cert chain should be stored in /etc/ipa/ca.crt. If there is a single
certificate in the file, you can use
# openssl x509 -noout -text -in /etc/ipa/ca.crt
and look for the validity stored in "Not After".
If the file contains multiple certificates (openssl displays only the
information for the first one), you will need another tool:
# openssl crl2pkcs7 -nocrl -certfile /etc/ipa/ca.crt | openssl pkcs7 -print_certs -text -noout
Same thing, check for "Not After".
HTH,
flo
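
An added example, not part of the reply above: a shell sketch that splits a multi-certificate PEM file such as /etc/ipa/ca.crt and prints subject and "notAfter" for each entry, flagging any that expire soon. The function names `split_pem_bundle` and `chain_expiry` and the 30-day default threshold are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: report the expiry of every certificate in a PEM bundle.
# Function names and the 30-day default are illustrative assumptions.

# split_pem_bundle BUNDLE OUTDIR
# Writes each PEM certificate in BUNDLE to OUTDIR/cert-NNN.pem and prints
# how many were found. Text outside BEGIN/END markers is ignored.
split_pem_bundle() {
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = sprintf("%s/cert-%03d.pem", dir, n); inside = 1 }
        inside                        { print > out }
        /-----END CERTIFICATE-----/   { inside = 0; close(out) }
        END                           { print n + 0 }
    ' "$1"
}

# chain_expiry BUNDLE [DAYS]
# Prints subject and notAfter for each certificate in BUNDLE.
# Returns 0 if all are valid for more than DAYS days, 1 if any expires
# within DAYS days (or already has), 2 if no certificate could be read.
chain_expiry() {
    bundle=$1
    days=${2:-30}
    tmp=$(mktemp -d) || return 2
    status=0
    split_pem_bundle "$bundle" "$tmp" >/dev/null
    for cert in "$tmp"/cert-*.pem; do
        [ -e "$cert" ] || { echo "no certificates found in $bundle" >&2; status=2; break; }
        openssl x509 -noout -subject -enddate -in "$cert"
        # -checkend exits non-zero when the certificate expires within N seconds
        if ! openssl x509 -noout -checkend $((days * 86400)) -in "$cert" >/dev/null; then
            echo "WARNING: expires within $days days"
            status=1
        fi
    done
    rm -rf "$tmp"
    return $status
}

# Usage (after sourcing this file): chain_expiry /etc/ipa/ca.crt 60
```

Because the return code distinguishes "expiring soon" from "all fine", the function can be called from a cron job or monitoring check so the warning arrives before the external CA chain lapses.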