Hi Team,
FreeIPA Version : 4.6.8
I was going through the Let's Encrypt repo provided by the FreeIPA team (https://github.com/freeipa/freeipa-letsencrypt), where they say to take a backup of the certs and private directories, which are also used in one of the scripts, renew-le.sh. But in my FreeIPA environment built on CentOS 7 I couldn't find this directory on my FreeIPA version. Could you please let me know where these default certs are located in version 4.6.8?
Hi Guys,
Could anyone let me know, regardless of the GitHub repo, where I can find the default certs (location) which FreeIPA uses?
Hi,
it depends which cert you're referring to:
- the server certificate used by the httpd server is located in /var/lib/ipa/certs/httpd.crt (when mod_ssl is used, otherwise it's /etc/httpd/alias)
- the server certificate used by the LDAP server is in /etc/dirsrv/slapd-YOURDOMAINNAME
- the KDC pkinit certificate is in /var/kerberos/krb5kdc/kdc.crt
- the certificates used by the PKI server are in /etc/pki/pki-tomcat/alias
- the RA cert (used to authenticate to the PKI server) is in /var/lib/ipa/ra-agent.pem
The CA cert can be found in /etc/ipa/ca.crt.
HTH, flo
On Thu, Mar 24, 2022 at 4:45 PM GAURAV Pande via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hi Guys ,
Could anyone let me know regardless of the github repo where can i find default certs (location) which FreeIPA uses ?
Hi Florence,
Thanks again for the detailed info. Where can we see the /var/lib/ipa/private content (I suppose it has the private key) for FreeIPA version 4.6.8?
On Fri, Mar 25, 2022 at 5:31 PM GAURAV Pande via FreeIPA-users < freeipa-users@lists.fedorahosted.org> wrote:
Hi Florence ,
Thanks again for detailed info , where can we see /var/lib/ipa/private content (i suppose it has private key) for FreeIPA 4.6.8 Version?
As I wrote, when mod_nss is in use, httpd stores the cert and key in /etc/httpd/alias. You can use *certutil -L -d /etc/httpd/alias* to list the certificates, and *certutil -K -d /etc/httpd/alias* to list the keys. IIRC the password file is /etc/httpd/alias/pwdfile.txt
HTH, flo
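The locations from the two replies above can be checked in one pass before backing anything up. The script below is an added example, not part of the thread or of the freeipa-letsencrypt repo: it reports whether each path is a PEM file, an NSS database directory, or missing, and prints a read-only command to inspect it. The instance name EXAMPLE-TEST is constructed, and the cert8.db/cert9.db test relies on standard NSS database file names.

```shell
#!/bin/sh
# Added example (not from the thread): inventory the certificate locations
# listed above and show which tool reads each one.

# classify PATH -> pem | file | nssdb | dir | missing
classify() {
    if [ -f "$1" ]; then
        if grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
            echo pem
        else
            echo file
        fi
    elif [ -d "$1" ]; then
        # An NSS database directory holds cert8.db (dbm) or cert9.db (sql).
        if [ -f "$1/cert8.db" ] || [ -f "$1/cert9.db" ]; then
            echo nssdb
        else
            echo dir
        fi
    else
        echo missing
    fi
}

# inspect_hint TYPE PATH -> read-only command suited to that store type
inspect_hint() {
    case $1 in
        pem)   echo "openssl x509 -in $2 -noout -subject -enddate" ;;
        nssdb) echo "certutil -L -d $2" ;;
        *)     echo "-" ;;
    esac
}

# ipa_cert_inventory ROOT INSTANCE -> "type<TAB>path<TAB>hint" per location.
# ROOT lets you point at a restored backup; INSTANCE is the slapd-* suffix.
ipa_cert_inventory() {
    root=${1%/}
    for rel in /var/lib/ipa/certs/httpd.crt /etc/httpd/alias \
        "/etc/dirsrv/slapd-$2" /var/kerberos/krb5kdc/kdc.crt \
        /etc/pki/pki-tomcat/alias /var/lib/ipa/ra-agent.pem /etc/ipa/ca.crt
    do
        kind=$(classify "$root$rel")
        printf '%s\t%s\t%s\n' "$kind" "$rel" "$(inspect_hint "$kind" "$root$rel")"
    done
}

# Example run: sh ipa-cert-inventory.sh / EXAMPLE-TEST   (instance name constructed)
if [ "$#" -eq 2 ]; then ipa_cert_inventory "$1" "$2"; fi
```

On a mod_nss host the httpd.crt line shows as missing and /etc/httpd/alias as nssdb, which matches the second reply.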
Okay thanks a lot Florence!