Rob Foehl via FreeIPA-users wrote:
> Noting that it's now possible to modify the CA certificate subject name
> at install time in 4.5 and 4.6, is there any provision for doing so
> after an upgrade to one of those releases with a cert that originated in
> a 4.4 instance? Possibly involving renewal of the (externally signed)
> CA cert, if necessary?
I'm not authoritative on this but I don't think so.
Using an external CA would probably the only way this would work but
even then I have my doubts. Some other things would also need to change
like the LDAP certificate profile(s), existing certs would probably need
to be re-issued (I'm particularly fuzzy on this part b/c while the
issuers wouldn't match the CA private key would) and maybe some other
It would be an interesting exercise if you wanted to give it a go on
some test system(s).
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org