IPA, Kerberos, Certificates
Display content of x509 certificates (*.crt)
openssl x509 -in certificate.crt -text -noout
Display content of Certivicate-Databases (nssdb).
certutil -L -d /etc/pki/nssdb
certutil -K -d /etc/pki/nssdb
FreeIPA Installation
With the new FreeIPA 3.x, included in Fedora 18, it is no longer possible to just run the ipa-client-install command without parameters. The script tries per default to fetch all parameter automatically from DNS. To install the Client in our environment with the DNS controlled by the RRZE we have to specify the complete command with (almost) all parameters.
ipa-client-install no-ntp domain=ww.uni-erlangen.de mkhomedir realm=WW8KD.FAU.DE --server=idm1.wwkd.fau.de