Erinn Looney-Triggs wrote:
On 11/05/12 10:25, Rob Crittenden wrote:
Erinn Looney-Triggs wrote:
I hope I haven't missed it in searching around, but how does one update
the CA certificate in IPA?

Though it is a year out from expiring I would rather know sooner than
later when it comes to this.

Kudos for planning ahead!

What kind of CA do you have installed. Are you using a dogtag backend CA
or did you install with the selfsign method?

rob


Using dogtag CA and it is replicated, though, and I am not sure if this
makes an difference, it is a subordinate CA that has been issued by an
AD PKI setup.

You'll need to start with your AD PKI. I'm assuming it is expiring as well since the IPA CA validity period is limited by its issuer. Are you going to rekey the AD CA or renew the current CA cert?

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to