-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 11/25/2013 11:09 AM, Rob Crittenden wrote: > Erinn Looney-Triggs wrote: >> Folks just wanted to touch base again before the American holiday >> season starts. My CA, which is subordinate to AD CS will be >> expiring on December 9th, I submitted a bug, y'all drew up docs >> etc for a plan (thanks). Now I just wanted to see how it was >> going and if need be what manual steps I will need to take to >> renew the certificate. >> >> Thanks again for the great work, > > We're working on an a set of tools to make this easier. For now > I've appended some manual instructions onto a page still in > progress. > > http://www.freeipa.org/page/Howto/CA_Certificate_Renewal#Manual_Procedure_in_IPA_3.0 > > > > Some parts may be still be a little rough or hard to understand. > Let me know if you have any problems or corrections. > > rob Rob, Thanks for the instructions, a few questions. What sort of interruption in service could this create? Can you expand on this section a little bit: Replace the value of ca.signing.cert in /etc/pki-ca/CS.cfg. This is the base64 value of the certificate. You can obtain this by removing the BEGIN/END blocks from ipa.crt and compressing it into a single line. Thanks and happy Thanksgiving, - -Erinn -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.15 (GNU/Linux) iQEcBAEBAgAGBQJSljg7AAoJENetaK3v/E7P9EsIAI6u6A2702kCFqz0j+DDnz0v vaLra+syW8yxvEXFquHInVnXLWXbdtx0NYks0I+WFzYQGhIp9kM2GCpGTGcQYw3y Hi+dCNbEmKyJzA+gWdswDIMmvWVfOR9jc5D7L5gRXU4/bb7osECBSvUhNt6Jd2Jw ejKzE9yRNn9KU0RFGfOeq81fdoAl8GYKJiqeL1V0ATpGZepfhwMyQdbEsGPcrbwM cKm9WQRfWwurkFBXFO4BJxELgS4/WxraWWb7JA+sjCrctRVvl2odloHgGYanfT0z c33dNJDkneXvKvw0E1y62NVupI4z5XRHqad5PepWkUKI9n12c/YC8hUZQ3aspto= =uDkT -----END PGP SIGNATURE----- _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
