Rob Foehl via FreeIPA-users wrote:
> Noting that it's now possible to modify the CA certificate subject name
> at install time in 4.5 and 4.6, is there any provision for doing so
> after an upgrade to one of those releases with a cert that originated in
> a 4.4 instance?  Possibly involving renewal of the (externally signed)
> CA cert, if necessary?

I'm not authoritative on this but I don't think so.

Using an external CA would probably the only way this would work but
even then I have my doubts. Some other things would also need to change
like the LDAP certificate profile(s), existing certs would probably need
to be re-issued (I'm particularly fuzzy on this part b/c while the
issuers wouldn't match the CA private key would) and maybe some other
corner cases.

It would be an interesting exercise if you wanted to give it a go on
some test system(s).

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to