Bug 1566596

Summary: Update chapter on the renewal of certificates using certutil
Product: Red Hat Enterprise Linux 7 Reporter: Filip Hanzelka <fhanzelk>
Component: doc-Linux_Domain_Identity_Management_GuideAssignee: Filip Hanzelka <fhanzelk>
Status: CLOSED CURRENTRELEASE QA Contact: ipa-qe <ipa-qe>
Severity: urgent Docs Contact: Filip Hanzelka <fhanzelk>
Priority: urgent    
Version: 7.5CC: lmanasko, rcritten, rhel-docs
Target Milestone: rcKeywords: Documentation
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2018-06-27 09:43:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Filip Hanzelka 2018-04-12 15:14:44 UTC 
Update the following chapter https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/#requesting-cert-certutil
based on the input provided by Morgan Weetman:



The command in step 3 needs to include '--certificate-out <file_name>'.

Then we need a step 4, where we use certutil to add <file_name> into the NSS DB, in my case I used:

certutil -A -d idmuser01-cert/ -n idmuser01 -t "P,," -i ~/idmuser01.pem

.. it will be different for your example.

The purpose of these updates is so that the certificate generated with certutil can be renewed when expiry time gets close.
Comment 7 Filip Hanzelka 2018-05-02 13:18:12 UTC 
Commits made based on Rob's FB:
https://gitlab.cee.redhat.com/red-hat-enterprise-linux-documentation/doc-Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide/commit/5b4aa0ce37e1d6f7260b45e804b0e49dcf11d0a2

The updated chapter:
http://ccs-jenkins.gsslab.brq.redhat.com:8080/job/doc-Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-branch-1566596_mweetman/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#requesting-cert-certutil