> No worries then. The IPA CA (dogtag) uses NSS for crypto so there is no way
> the CA private key could have been exposed.
> If you've issued SSL certs from the IPA CA for services running OpenSSL you
> could re-issue those to be on the safe side, but IPA itself uses only NSS on
> its servers.
Ok, that makes sense. I figured out that the back end, dogtag, was using NSS,
but it looked like the web GUI was using OpenSSL. Re-issuing SSL certs for
services looks simple enough through the GUI. Thanks for your help.
All that aside, is there a way to rekey the IPA CA? I’d hate to see the same
type of vulnerability announced next week for NSS and not have any recourse.
Freeipa-users mailing list