> No worries then. The IPA CA (dogtag) uses NSS for crypto so there is no way
> the CA private key could have been exposed.
>
> If you've issued SSL certs from the IPA CA for services running OpenSSL you
> could re-issue those to be on the safe side, but IPA itself uses only NSS on
> its servers.
>
> rob

Ok, that makes sense. I figured out that the back end, dogtag, was using NSS, but it looked like the web GUI was using OpenSSL. Re-issuing SSL certs for services looks simple enough through the GUI. Thanks for your help.
All that aside, is there a way to rekey the IPA CA? I’d hate to see the same type of vulnerability announced next week for NSS and not have any recourse. Thank you.