-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On 11/25/2013 11:09 AM, Rob Crittenden wrote:
> Erinn Looney-Triggs wrote:
>> Folks just wanted to touch base again before the American holiday
>> season starts. My CA, which is subordinate to AD CS will be
>> expiring on December 9th, I submitted a bug, y'all drew up docs
>> etc for a plan (thanks). Now I just wanted to see how it was
>> going and if need be what manual steps I will need to take to
>> renew the certificate.
>> 
>> Thanks again for the great work,
> 
> We're working on an a set of tools to make this easier. For now
> I've appended some manual instructions onto a page still in
> progress.
> 
> http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#Manual_Procedure_in_IPA_3.0
>
> 
> 
> Some parts may be still be a little rough or hard to understand.
> Let me know if you have any problems or corrections.
> 
> rob

Rob,

Thanks for the instructions, a few questions.

What sort of interruption in service could this create?

Can you expand on this section a little bit:
Replace the value of ca.signing.cert in /etc/pki-ca/CS.cfg. This is
the base64 value of the certificate. You can obtain this by removing
the BEGIN/END blocks from ipa.crt and compressing it into a single line.

Thanks and happy Thanksgiving,
- -Erinn
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQEcBAEBAgAGBQJSljg7AAoJENetaK3v/E7P9EsIAI6u6A2702kCFqz0j+DDnz0v
vaLra+syW8yxvEXFquHInVnXLWXbdtx0NYks0I+WFzYQGhIp9kM2GCpGTGcQYw3y
Hi+dCNbEmKyJzA+gWdswDIMmvWVfOR9jc5D7L5gRXU4/bb7osECBSvUhNt6Jd2Jw
ejKzE9yRNn9KU0RFGfOeq81fdoAl8GYKJiqeL1V0ATpGZepfhwMyQdbEsGPcrbwM
cKm9WQRfWwurkFBXFO4BJxELgS4/WxraWWb7JA+sjCrctRVvl2odloHgGYanfT0z
c33dNJDkneXvKvw0E1y62NVupI4z5XRHqad5PepWkUKI9n12c/YC8hUZQ3aspto=
=uDkT
-----END PGP SIGNATURE-----

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to