Hi
I am trying to remove old host certificates.
I generated a list using:
ipa cert-find --sizelimit 0
One of the certs are:
Issuing CA: ipa
Subject:
CN=server.example.com,O=COMPANY.COM
Issuer: CN=Certificate
Authority,O=COMPANY.COM
Not Before: Fri May 20 15:56:37 2016 UTC
Not After: Mon May 21 15:56:37 2018 UTC
Serial number: 268238888
Serial number (hex): 0xFFD002D
Status: REVOKED_EXPIRED
Revoked: True
I also did:
ipa cert-show 268238888
I then tried to remove the cert by using:
ipa host-remove-cert
server.example.com
which then prompts me for the certificate, I enter the certificate as I got it from ipa
cert-show command, using the "Certificate: " part.
But I get the error:
ipa: ERROR:
server.examle.com: host not found
I also tried to remove the certificate from the UI, which shows quite a lot more expired
certificates for the host, but does not give me any option to delete/remove the
certificates
Am I missing something obvious with regards to the steps required to remove old
certificates? Am I not supposed to remove them?
FreeIPA, version: 4.5.4
Regards