From 45279bd0f1b0c4d5b9644a24c027b0f83d3c2782 Mon Sep 17 00:00:00 2001 From: Fabian Arrotin Date: Jan 16 2023 12:57:30 +0000 Subject: Simple script for ipa tls retrieval mention Signed-off-by: Fabian Arrotin --- diff --git a/docs/security/tls.md b/docs/security/tls.md index 2f4fc23..390e947 100644 --- a/docs/security/tls.md +++ b/docs/security/tls.md @@ -27,7 +27,7 @@ Pre-requisites: * `ipa-client` role applied with correct script deployed !!! note - The following steps are just for *new* certificates. As once you'll have requested this on the enrolled node, the `certmonger` process will automatically watch and request/renew new ones, so they'll land on the enrolled node automatically, from which you can then retrieve TLS files (from /etc/pki/tls/certs) and update pkistore (see above) + The following steps are just for *new* certificates. As once you'll have requested this on the enrolled node, the `certmonger` process will automatically watch and request/renew new ones, so they'll land on the enrolled node automatically, from which you can then retrieve TLS files (from /etc/pki/tls/certs) and update pkistore (see above). To help with that see /koji/retrieve_from_ipa script Once we have shell access on such enrolled node, we can proceed like this :