Hide Forgot
Update the following chapter https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html-single/linux_domain_identity_authentication_and_policy_guide/#requesting-cert-certutil based on the input provided by Morgan Weetman: The command in step 3 needs to include '--certificate-out <file_name>'. Then we need a step 4, where we use certutil to add <file_name> into the NSS DB, in my case I used: certutil -A -d idmuser01-cert/ -n idmuser01 -t "P,," -i ~/idmuser01.pem .. it will be different for your example. The purpose of these updates is so that the certificate generated with certutil can be renewed when expiry time gets close.
Commits made based on Rob's FB: https://gitlab.cee.redhat.com/red-hat-enterprise-linux-documentation/doc-Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide/commit/5b4aa0ce37e1d6f7260b45e804b0e49dcf11d0a2 The updated chapter: http://ccs-jenkins.gsslab.brq.redhat.com:8080/job/doc-Red_Hat_Enterprise_Linux-7-Linux_Domain_Identity_Authentication_and_Policy_Guide-branch-1566596_mweetman/lastSuccessfulBuild/artifact/tmp/en-US/html-single/index.html#requesting-cert-certutil