[Freeipa-users] Updating the CA certificate
Rob Crittenden
rcritten at redhat.com
Mon Nov 5 19:42:06 UTC 2012
Erinn Looney-Triggs wrote:
> On 11/05/12 10:25, Rob Crittenden wrote:
>> Erinn Looney-Triggs wrote:
>>> I hope I haven't missed it in searching around, but how does one update
>>> the CA certificate in IPA?
>>>
>>> Though it is a year out from expiring I would rather know sooner than
>>> later when it comes to this.
>>
>> Kudos for planning ahead!
>>
>> What kind of CA do you have installed. Are you using a dogtag backend CA
>> or did you install with the selfsign method?
>>
>> rob
>>
>
> Using dogtag CA and it is replicated, though, and I am not sure if this
> makes an difference, it is a subordinate CA that has been issued by an
> AD PKI setup.
You'll need to start with your AD PKI. I'm assuming it is expiring as
well since the IPA CA validity period is limited by its issuer. Are you
going to rekey the AD CA or renew the current CA cert?
rob
More information about the Freeipa-users
mailing list