Joseph Timothy Foley wrote:
I just discovered that the certificate on ipa2.cs.ru.is is good to August,
so I have a little bit of breathing room.  That said, the ipa.cs.ru.is
certificate will expire on March 23, so I need to update it.


The process to get a new cert is pretty much the same as you obtained the original assuming you kept the original CSR. You'd re-submit that to StartSSL and they will provide a new certificate in PEM format.

Add that to the relevant database via:

# certutil -A -n "Server-Cert" -d /path/to/db -t u,u,u -a -i /path/to cert.pem

I can't give much more specific information without knowing if you are, for example, using the came cert/key for both 389-ds and Apache.

rob

--
Dr. Joseph T. Foley <fo...@ru.is> Assistant Professor,  Reykjavik
University +354-599-6569



On 3/21/16 6:27 PM, "Joseph Timothy Foley" <fo...@ru.is> wrote:

Hi there.
I setup an IPA4.2.0 on RHEL7 service for our CS department on
ipa.cs.ru.is(temporarily down) and ipa2.cs.ru.is
I used StartSSL to sign our certificate for HTTP and LDAP usage because I
didn't want our users to deal with the internal CA nor could we get the CA
certificate signed.  Problem is, I can't find any information on how to
get the new certificates installed on the running IPA server.  They expire
in 2 days, so I'm running out of time. Any help would be greatly
appreciated.

I can only find information on how to setup these certificates on a brand
new IPA or replicant.  There isn't any obvious information on how to put
updated certificates into a running instance.

Thanks in advance.

Joe
--
Dr. Joseph T. Foley <fo...@ru.is> Assistant Professor,  Reykjavik
University +354-599-6569




--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project



--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to