24.3. Listing and Displaying Certificates
Listing and Displaying Certificates in the Web UI
To list certificates assigned to a user, host, or service entry:
- Open the Identity tab, and select the Users, Hosts, or Services subtab.
- Click on the name of the user, host, or service to open its configuration page.
Figure 24.5. List of Hosts
- The configuration page lists all certificates assigned to the entry. Additionally, clicking Show displays a particular certificate.
To list all certificates registered on the IdM server:
- Open the Authentication tab, and select the Certificates subtab.
- A list of all certificates is displayed in the Certificates section. To display a particular certificate, click on its serial number.
Figure 24.6. List of Certificates
Listing Certificates from the Command Line
To list all certificates in the IdM database, run the ipa cert-find command.
$ ipa cert-find
-----------------------
10 certificates matched
-----------------------
  Serial number (hex): 0x1
  Serial number: 1
  Status: VALID
  Subject: CN=Certificate Authority,O=EXAMPLE.COM
...
-----------------------------
Number of entries returned 10
-----------------------------
You can filter the search results by specifying certain certificate properties, such as issue date or validity date. For example, to search by an issue date interval, use the --issuedon-from and --issuedon-to options to specify the start and end points of a period of time.
ipa cert-find --issuedon-from=2020-01-07 --issuedon-to=2020-02-07
For a complete list of options used to filter the search for a certificate, run ipa cert-find with the
Displaying Certificates from the Command Line
To display a certificate, use the ipa cert-show command and specify the serial number.
$ ipa cert-show 132
  Serial number: 132
  Certificate: MIIDtzCCAp+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBBMR8wHQYDVQQKExZMQUIu
...
LxIQjrEFtJmoBGb/TWRlwGEWy1ayr4iTEf1ayZ+RGNylLalEAtk9RLjEjg==
  Subject: CN=Certificate Authority,O=EXAMPLE.COM
  Issuer: CN=Certificate Authority,O=EXAMPLE.COM
  Not Before: Sun Jun 08 05:51:11 2014 UTC
  Not After: Thu Jun 08 05:51:11 2034 UTC
  Serial number (hex): 0x132
  Serial number: 132
To display the certificates assigned to a user, host, or service entry, use ipa cert-show and specify the entry. For example, to display the certificate assigned to a user:
$ ipa user-show user
  User login: user
  ...
  Certificate: MIICfzCCAWcCAQA...
  ...
You can also save a certificate to a file by adding the --out option to ipa cert-show.
$ ipa cert-show certificate_serial_number --out=path_to_file
Note that if the user, host, or service has more than one certificate, the --out option exports all of them. The certificate or certificates are exported as PEM objects.