From bb2bcbf6008abd25893a352e7b5a4dc5d2d65dda Mon Sep 17 00:00:00 2001 From: Fabian Arrotin Date: Jan 16 2023 06:32:00 +0000 Subject: Added note about renewal with ipa/dogtag on enrolled node Signed-off-by: Fabian Arrotin --- diff --git a/docs/security/tls.md b/docs/security/tls.md index c4a70f7..2f4fc23 100644 --- a/docs/security/tls.md +++ b/docs/security/tls.md @@ -27,7 +27,7 @@ Pre-requisites: * `ipa-client` role applied with correct script deployed !!! note - The following steps are just for *new* certificates. As once you'll have requested this on the enrolled node, dogtag will automatically watch and request/renew new ones, so they'll land on the enrolled node automatically, from which you can then retrieve TLS files and update pkistore (see above) + The following steps are just for *new* certificates. As once you'll have requested this on the enrolled node, the `certmonger` process will automatically watch and request/renew new ones, so they'll land on the enrolled node automatically, from which you can then retrieve TLS files (from /etc/pki/tls/certs) and update pkistore (see above) Once we have shell access on such enrolled node, we can proceed like this :
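Review bot: In the added `+` line of the note, the path /etc/pki/tls/certs is written without backticks while `certmonger` in the same sentence has them, and only the certificate directory is named even though the sentence speaks of retrieving "TLS files". Put the path in backticks, and say where the matching private key is found if it also has to be copied to pkistore. The same sentence leaves the pkistore update as a manual step that follows an automatic renewal, so it would help to state how an admin learns that certmonger has renewed a certificate; otherwise the copy in pkistore can lag behind the one on the enrolled node. The opening "As once you'll have requested this" is carried over from the removed line and could be simplified to "Once you have requested this" while the line is being changed.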