I'm generating certificates for a bunch of not-enrolled, not-certmonger-feasible services (our printer, for example) and I'd like a little longer life cycle than the standard two years. I can't for the life of me figure out where I can set that.
Thanks in advance.
Bo Lind via FreeIPA-users wrote:
I'm generating certificates for a bunch of not-enrolled, not-certmonger-feasible services (our printer, for example) and I'd like a little longer life cycle than the standard two years. I can't for the life of me figure out where I can set that.
You'd have to create a custom profile. You can use the caIPAserviceCert as a starting point.
Note that while issuing longer-lived certs is more convenient now I'd recommend you have a plan on remembering to renew them in X years! Be sure to well-document the process in case it's up to someone else to manage it :-)
rob
freeipa-users@lists.fedorahosted.org