24.3. Listing and Displaying Certificates

Listing and Displaying Certificates in the Web UI

To list certificates assigned to a user, host, or service entry:
  1. Open the Identity tab, and select the Users, Hosts, or Services subtab.
  2. Click on the name of the user, host, or service to open its configuration page.
    Figure 24.5. List of Hosts

  3. The configuration page lists all certificates assigned to the entry. Additionally, clicking Show displays a particular certificate.

To list all certificates registered on the IdM server:
  1. Open the Authentication tab, and select the Certificates subtab.
  2. A list of all certificates is displayed in the Certificates section. To display a particular certificate, click on its serial number.
    Figure 24.6. List of Certificates

Listing Certificates from the Command Line

To list all certificates in the IdM database, run the ipa cert-find command.
$ ipa cert-find
-----------------------
10 certificates matched
-----------------------
  Serial number (hex): 0x1
  Serial number: 1
  Status: VALID
  Subject: CN=Certificate Authority,O=EXAMPLE.COM
...
-----------------------------
Number of entries returned 10
-----------------------------
You can filter the search results by specifying certain certificate properties, such as issue date or validity date. For example, to search by an issue date interval, use the --issuedon-from and --issuedon-to options to specify the start and end points of the period.
$ ipa cert-find --issuedon-from=2018-01-07 --issuedon-to=2018-02-07
For a complete list of options used to filter the search for a certificate, run ipa cert-find with the --help option added.
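The following shell functions are an added example, not part of the original documentation. They turn ipa cert-find text output, in the layout shown above, into tab-separated serial, status, and subject fields, and list the entries whose status is not VALID. The function names and the sample output, including the REVOKED entry, are constructed for illustration.

```shell
# Added example: parse `ipa cert-find` text output read from stdin.
certfind_to_tsv() {
    awk '
    function emit() {
        if (serial != "" || status != "" || subject != "")
            printf "%s\t%s\t%s\n", serial, status, subject
        serial = status = subject = ""
    }
    # A blank line or a dashed rule closes the current record.
    /^[ \t]*$/ || /^-+$/ { emit(); next }
    {
        line = $0; sub(/^[ \t]+/, "", line)
        sep = index(line, ": ")
        if (sep == 0) next          # banner text, "..." and similar lines
        key = substr(line, 1, sep - 1); val = substr(line, sep + 2)
        # A repeated key also starts a new record (output without blank lines).
        if (key == "Serial number") { if (serial != "") emit(); serial = val }
        else if (key == "Status")   { if (status != "") emit(); status = val }
        else if (key == "Subject")  { if (subject != "") emit(); subject = val }
    }
    END { emit() }
    '
}

# Print only the records whose status is anything other than VALID.
certfind_not_valid() {
    certfind_to_tsv | awk -F '\t' '$2 != "VALID"'
}

# Constructed sample output (hypothetical entries, not from a real server).
sample_output() {
cat <<'EOF'
----------------------
2 certificates matched
----------------------
  Serial number (hex): 0x1
  Serial number: 1
  Status: VALID
  Subject: CN=Certificate Authority,O=EXAMPLE.COM

  Serial number (hex): 0xB
  Serial number: 11
  Status: REVOKED
  Subject: CN=host1.example.com,O=EXAMPLE.COM
----------------------------
Number of entries returned 2
----------------------------
EOF
}

sample_output | certfind_not_valid
```

On an IdM client, pipe the real command into the function instead of the sample: ipa cert-find | certfind_not_valid.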

Displaying Certificates from the Command Line

To display a certificate, use the ipa cert-show command and specify the serial number.
$ ipa cert-show 132
Serial number: 132
  Certificate: MIIDtzCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMR8wHQYDVQQKExZMQUIu
...
LxIQjrEFtJmoBGb/TWRlwGEWy1ayr4iTEf1ayZ+RGNylLalEAtk9RLjEjg==
  Subject: CN=Certificate Authority,O=EXAMPLE.COM
  Issuer: CN=Certificate Authority,O=EXAMPLE.COM
  Not Before: Sun Jun 08 05:51:11 2014 UTC
  Not After: Thu Jun 08 05:51:11 2034 UTC
  Serial number (hex): 0x132
  Serial number: 132
To display the certificates assigned to a user, host, or service entry, use ipa cert-show and specify the entry. For example, to display the certificate assigned to a user:
$ ipa user-show user
  User login: user
  ...
  Certificate: MIICfzCCAWcCAQA...
  ...
You can also save a certificate to a file by adding the --out option to ipa cert-show.
$ ipa cert-show certificate_serial_number --out=path_to_file
Note that if the user, host, or service has more than one certificate, the --out option exports all of them. The certificate or certificates are exported as PEM objects.