forked from freeipa/freeipa
-
Notifications
You must be signed in to change notification settings - Fork 0
DS Certificates
Endi S. Dewata edited this page Jun 14, 2022
·
3 revisions
In IPA environment DS certificates are stored in an NSS database at /etc/dirsrv/slapd-<REALM> and the NSS database password is stored at /etc/dirsrv/slapd-<REALM>/pwdfile.txt.
To display the DS certificates:
$ pki -d /etc/dirsrv/slapd-EXAMPLE-COM nss-cert-find Nickname: EXAMPLE.COM IPA CA Serial Number: 0x1 Subject DN: CN=Certificate Authority,O=EXAMPLE.COM Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM Not Valid Before: Mon Jun 13 20:04:33 UTC 2022 Not Valid After: Fri Jun 13 20:04:33 UTC 2042 Trust Flags: CT,C,C Nickname: Server-Cert Serial Number: 0x8 Subject DN: CN=ipa.example.com,O=EXAMPLE.COM Issuer DN: CN=Certificate Authority,O=EXAMPLE.COM Not Valid Before: Mon Jun 13 20:06:24 UTC 2022 Not Valid After: Thu Jun 13 20:06:24 UTC 2024 Trust Flags: u,u,u