Rob Foehl via FreeIPA-users wrote: > Noting that it's now possible to modify the CA certificate subject name > at install time in 4.5 and 4.6, is there any provision for doing so > after an upgrade to one of those releases with a cert that originated in > a 4.4 instance? Possibly involving renewal of the (externally signed) > CA cert, if necessary?
I'm not authoritative on this but I don't think so. Using an external CA would probably the only way this would work but even then I have my doubts. Some other things would also need to change like the LDAP certificate profile(s), existing certs would probably need to be re-issued (I'm particularly fuzzy on this part b/c while the issuers wouldn't match the CA private key would) and maybe some other corner cases. It would be an interesting exercise if you wanted to give it a go on some test system(s). rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
