Rob Crittenden via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
writes:
Jochen Kellner via FreeIPA-users wrote:
> Orion Poplawski via FreeIPA-users <freeipa-users(a)lists.fedorahosted.org>
> writes:
>
>> Does anyone know of a script or way to get a list of certificates issued by
>> the IPA CA that are about to expire?
>
> I do have a small script for byobu that warns when certificates are
> about to expire and I verify refresh really works - that's only useful
> for small installations with a small number of certificates.
>
> In short: get a time interval with date and feed the dates into "ipa
> cert-find". Have fun!
There is a --status option you can set to valid which should return only
currently valid certs (e.g. no revoked, expired, etc).
Thanks for the tip - that will make the script simpler...
Jochen
--
This space is intentionally left blank.