Kevin Vasko via FreeIPA-users wrote:
Kees Bakker,
If it is, I'm certainly not seeing it done on Ubuntu 16.04 or Ubuntu 18.04 and based on Rob's comment it might not be done if I'm understanding him correctly.
Assuming I'm reading the code right it is not being executed on Debian/Ubuntu. At least not in the source. It's possible it is patched into the package in the distribution.
rob
-Kevin
On Thu, Oct 10, 2019 at 8:19 AM Kees Bakker via FreeIPA-users freeipa-users@lists.fedorahosted.org wrote:
On 10-10-19 14:35, Rob Crittenden via FreeIPA-users wrote
Kevin Vasko via FreeIPA-users wrote:
How would I validate that certs are getting added properly on a CentOS machine system wide store?
I’m going to test it today to find out if this is a problem unique to Ubuntu/CentOS.
On Fedora the chain is put into /etc/pki/ca-trust/source/anchors/ipa-ca.crt and update-ca-trust is executed.
There is no Debian/Ubuntu equivalent in the upstream source (it's possible it is done in packaging). You could try something like:
cp /etc/ipa/ca.crt /usr/local/share/ca-certificates/ipa-ca.crt update-ca-certificates
This is already done by ipa-client-install _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...