Greg Harris wrote:

Thanks for the quick response.  It’s version 3.0, as included in CentOS
6.5 EPEL.  Yes, I’m running the IPA CA, installed as a self-signed
setup.  By rekey, I mean generating a new Public/Private key pair for
the CA certificate, and then subsequently rekeying all of the certs
below.  Main reason?  Heartbleed.

No worries then. The IPA CA (dogtag) uses NSS for crypto so there is no way the CA private key could have been exposed.

If you've issued SSL certs from the IPA CA for services running OpenSSL you could re-issue those to be on the safe side, but IPA itself uses only NSS on its servers.


Freeipa-users mailing list
