Greg Harris wrote:
> Thanks for the quick response. It’s version 3.0, as included in CentOS
> 6.5 EPEL. Yes, I’m running the IPA CA, installed as a self-signed
> setup. By rekey, I mean generating a new Public/Private key pair for
> the CA certificate, and then subsequently rekeying all of the certs
> below. Main reason? Heartbleed.

No worries then. The IPA CA (dogtag) uses NSS for crypto so there is no
way the CA private key could have been exposed.
If you've issued SSL certs from the IPA CA for services running OpenSSL
you could re-issue those to be on the safe side, but IPA itself uses
only NSS on its servers.
Freeipa-users mailing list