On Wed, 07 Oct 2020, Randall Hodges via FreeIPA-users wrote:
[root@par01vmidm01 ~]# ipa-pkinit-manage status
PKINIT is disabled
The ipa-pkinit-manage command was successful
The domain I changed from my company domain to example; they are all correct. Since I was
not in on the setup, not sure if this was supposed to be enabled or not.
Only put part of the cert due to security reasons. Here is what it shows. I am not sure PKINIT
was ever enabled; no one can tell me. I can enable it and see what happens.
getcert list -f /var/kerberos/krb5kdc/kdc.crt
Number of certificates and requests being tracked: 4.
Request ID '20181129134654':
status: MONITORING
stuck: no
key pair storage: type=FILE,location='/var/kerberos/krb5kdc/kdc.key'
certificate: type=FILE,location='/var/kerberos/krb5kdc/kdc.crt'
CA: SelfSign
What happens with this request if you do 'ipa-pkinit-manage enable'?
The most important part to look at is list of EKU and issuer.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland