Dungan, Scott A. via FreeIPA-users wrote:
> Happy new year, everyone.
>
> Â
>
> We have an unused letsencrypt CA cert and associated the DSTRootCAX3
> cert installed on version 4.8.7. Due to firewall issues, we moved to a
> paid commercial cert (Comodo) for the https service. My question is, how
> can we remove the two unused CA certs? If we do so, is it necessary to
> update the clients with ipa-certupdate, or will the removal be transparent?
>
> Â
>
> ~]# ipa-cacert-manage list
>
> xxx.xxx.xxx.edu IPA CA
>
> DSTRootCAX3
>
> letsencryptx3
>
> CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater
> Manchester,C=GB
>
> CN=USERTrust RSA Certification Authority,O=The USERTRUST
> Network,L=Jersey City,ST=New Jersey,C=US
>
> CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US
>
> The ipa-cacert-manage command was successful
From ipa-cacert-manage(1):
SYNOPSIS
...
ipa-cacert-manage delete [options] NICKNAME
ipa-certupdate will need to be run on all enrolled machines.
rob
_______________________________________________
FreeIPA-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/[email protected]
