Can somebody help us how to move ahead with this issue?
It seems like nobody is picking this up?

Kind Regards,

David

2016-10-26 13:43 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com>:

> Does anybody have a clue on how to continue with this?
>
> Kind Regards,
>
> David
>
> 2016-10-24 10:10 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com>:
>
>> These are both the subjects for the old and new root ca cert.
>>
>>         Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local"
>>         Subject Public Key Info:
>>             Public Key Algorithm: PKCS #1 RSA Encryption
>>             RSA Public Key:
>>                 Modulus:
>>                     d5:51:19:a0:7e:2f:b6:4b:cb:71:42:cb:38:bc:50:0a:
>>                     18:16:58:07:11:c6:d3:ea:66:91:a8:52:02:54:93:28:
>>                     78:a1:89:36:7a:0f:1e:2a:35:8a:da:85:05:c4:fe:de:
>>                     e8:6a:e8:fd:1b:89:44:8f:8c:62:d6:56:f7:9e:16:d5:
>>                     fd:b4:44:65:71:4f:1a:7d:d6:28:2d:5e:ad:c9:da:60:
>>                     54:98:02:87:d9:43:62:ab:1b:93:c1:af:0b:b9:80:2e:
>>                     08:f0:65:46:bf:de:78:c5:d2:19:b8:07:52:d6:01:ab:
>>                     d0:b2:7d:0a:7f:9f:fa:e8:8c:55:86:e0:d3:d5:ef:e7:
>>                     ad:6a:12:a2:b8:75:be:93:c2:05:df:99:a9:d8:a2:cc:
>>                     7c:2b:49:d6:a3:65:0c:c8:ef:c3:a4:b6:f6:86:1d:c2:
>>                     56:56:1b:0d:70:7a:67:15:49:2f:b7:92:8e:2a:94:57:
>>                     53:26:ef:9a:af:89:fe:cb:1e:e7:ac:72:9a:cd:b4:22:
>>                     b1:22:02:fd:95:23:e0:65:d0:36:e8:e1:88:2b:35:02:
>>                     99:1c:ee:84:10:80:84:a8:e5:61:04:6b:a3:6b:da:c5:
>>                     49:36:ef:f6:48:09:2c:0d:7c:b2:52:4f:a6:72:cc:e6:
>>                     30:b5:dd:a0:5b:0e:96:49:78:9d:1e:27:4e:02:40:a1
>>                 Exponent: 65537 (0x10001)
>>
>>         Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA
>>         Subject Public Key Info:
>>             Public Key Algorithm: rsaEncryption
>>                 Public-Key: (2048 bit)
>>                 Modulus:
>>                     00:ae:32:35:fa:b5:f4:2d:b8:0c:c3:d9:b0:9f:a8:
>>                     5d:21:90:58:a9:79:79:7d:85:7e:f1:f2:36:9d:ef:
>>                     9f:8c:a8:3a:bf:57:5c:2e:6b:5d:2e:91:ba:c6:b7:
>>                     b2:b1:dd:45:de:e6:d4:fe:01:f4:d2:bd:99:9f:9a:
>>                     71:1d:d4:e4:a7:cd:9e:f3:36:a7:a0:73:55:6b:04:
>>                     66:ab:c3:63:b3:41:06:ac:c8:c8:3a:4c:eb:83:78:
>>                     6e:e8:b6:0f:94:fa:a8:7e:7d:89:44:d1:bd:be:14:
>>                     df:0c:ce:4d:b4:e6:0a:e2:d7:84:95:4b:a1:3e:53:
>>                     c9:04:3f:7b:de:1b:fd:7b:b5:b0:69:3b:f9:f2:b5:
>>                     a7:fe:6d:9d:62:6e:9a:fc:1e:32:69:ad:4c:ae:e3:
>>                     61:dd:92:99:34:4b:bf:6b:02:88:18:88:a2:0f:ca:
>>                     e8:6e:91:f0:e6:2e:4d:83:f6:05:7e:ed:f2:f1:3e:
>>                     b2:36:3f:de:3f:db:93:73:5b:60:ee:8c:48:e0:c0:
>>                     4c:0e:6a:63:1a:16:af:9e:28:93:40:39:23:bf:d0:
>>                     77:9c:b7:80:d3:c3:42:d8:27:db:d7:4b:e5:3f:b4:
>>                     d2:ad:57:c2:01:73:c8:45:26:f1:00:93:50:3e:cf:
>>                     7a:2d:25:d5:43:b6:a7:75:a1:ef:58:f9:c9:11:e8:
>>                     09:1d
>>                 Exponent: 65537 (0x10001)
>>
>> 2016-10-24 5:49 GMT+02:00 Fil Di Noto <fdin...@gmail.com>:
>>
>>> Hi,
>>>
>>> Can you give an example of what's different between the two subjects?
>>>
>>> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
>>> david.dejaegh...@gmail.com> wrote:
>>>
>>>> Does somebody have an idea how to replace our certificates when the new
>>>> ROOT ca certificate has a different subject?
>>>> The UI is down because of this.
>>>>
>>>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com
>>>> >:
>>>>
>>>>> Hello,
>>>>>
>>>>> When installing FreeIPA we used the CA from our Windows servers.
>>>>> This one recently expired and we created a new one.  It seems that the
>>>>> new root CA has another subject name and this seems to be an issue when we
>>>>> want to install new certs on our FreeIPA hosts.
>>>>>
>>>>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>>>>
>>>>> Installing CA certificate, please wait
>>>>> Failed to install the certificate: subject public key info mismatch
>>>>>
>>>>> After validating the subjects are indeed different.
>>>>>
>>>>> How can we replace the required certs for dirsrv and http when the ca
>>>>> is not installable?
>>>>>
>>>>> Kind Regards,
>>>>>
>>>>> David
>>>>>
>>>>>
>>>>>
>>>>
>>>> --
>>>> Manage your subscription for the Freeipa-users mailing list:
>>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>>> Go to http://freeipa.org for more info on the project
>>>>
>>>
>>>
>>
>
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to