Why is the "ipa-ca-agent" certificate not automatically renewed in a IPA environment?

Solution Unverified - Updated -

Issue

  • When going through the list of certificates I bumped into an expired certificate for "CN=ipa-ca-agent"
  • All our other IPA certificates have been renewed automatically except for this one.
  • It seems the certificate for this subject is not renewed by neither "ipa-cacert-manage" nor "getcert".
  • Do we need to renew this certificate or has this component become obsolete? If we need to renew it, how can we do so?

Environment

  • Red Hat Enterprise Linux (RHEL) 7.7
  • Red Hat Identity Management (IdM)
  • ipa-server-4.6.5-11.el7_7.3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content