Can somebody help us how to move ahead with this issue? It seems like nobody is picking this up?
Kind Regards, David 2016-10-26 13:43 GMT+02:00 David Dejaeghere <[email protected]>: > Does anybody have a clue on how to continue with this? > > Kind Regards, > > David > > 2016-10-24 10:10 GMT+02:00 David Dejaeghere <[email protected]>: > >> These are both the subjects for the old and new root ca cert. >> >> Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local" >> Subject Public Key Info: >> Public Key Algorithm: PKCS #1 RSA Encryption >> RSA Public Key: >> Modulus: >> d5:51:19:a0:7e:2f:b6:4b:cb:71:42:cb:38:bc:50:0a: >> 18:16:58:07:11:c6:d3:ea:66:91:a8:52:02:54:93:28: >> 78:a1:89:36:7a:0f:1e:2a:35:8a:da:85:05:c4:fe:de: >> e8:6a:e8:fd:1b:89:44:8f:8c:62:d6:56:f7:9e:16:d5: >> fd:b4:44:65:71:4f:1a:7d:d6:28:2d:5e:ad:c9:da:60: >> 54:98:02:87:d9:43:62:ab:1b:93:c1:af:0b:b9:80:2e: >> 08:f0:65:46:bf:de:78:c5:d2:19:b8:07:52:d6:01:ab: >> d0:b2:7d:0a:7f:9f:fa:e8:8c:55:86:e0:d3:d5:ef:e7: >> ad:6a:12:a2:b8:75:be:93:c2:05:df:99:a9:d8:a2:cc: >> 7c:2b:49:d6:a3:65:0c:c8:ef:c3:a4:b6:f6:86:1d:c2: >> 56:56:1b:0d:70:7a:67:15:49:2f:b7:92:8e:2a:94:57: >> 53:26:ef:9a:af:89:fe:cb:1e:e7:ac:72:9a:cd:b4:22: >> b1:22:02:fd:95:23:e0:65:d0:36:e8:e1:88:2b:35:02: >> 99:1c:ee:84:10:80:84:a8:e5:61:04:6b:a3:6b:da:c5: >> 49:36:ef:f6:48:09:2c:0d:7c:b2:52:4f:a6:72:cc:e6: >> 30:b5:dd:a0:5b:0e:96:49:78:9d:1e:27:4e:02:40:a1 >> Exponent: 65537 (0x10001) >> >> Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA >> Subject Public Key Info: >> Public Key Algorithm: rsaEncryption >> Public-Key: (2048 bit) >> Modulus: >> 00:ae:32:35:fa:b5:f4:2d:b8:0c:c3:d9:b0:9f:a8: >> 5d:21:90:58:a9:79:79:7d:85:7e:f1:f2:36:9d:ef: >> 9f:8c:a8:3a:bf:57:5c:2e:6b:5d:2e:91:ba:c6:b7: >> b2:b1:dd:45:de:e6:d4:fe:01:f4:d2:bd:99:9f:9a: >> 71:1d:d4:e4:a7:cd:9e:f3:36:a7:a0:73:55:6b:04: >> 66:ab:c3:63:b3:41:06:ac:c8:c8:3a:4c:eb:83:78: >> 6e:e8:b6:0f:94:fa:a8:7e:7d:89:44:d1:bd:be:14: >> df:0c:ce:4d:b4:e6:0a:e2:d7:84:95:4b:a1:3e:53: >> c9:04:3f:7b:de:1b:fd:7b:b5:b0:69:3b:f9:f2:b5: >> a7:fe:6d:9d:62:6e:9a:fc:1e:32:69:ad:4c:ae:e3: >> 61:dd:92:99:34:4b:bf:6b:02:88:18:88:a2:0f:ca: >> e8:6e:91:f0:e6:2e:4d:83:f6:05:7e:ed:f2:f1:3e: >> b2:36:3f:de:3f:db:93:73:5b:60:ee:8c:48:e0:c0: >> 4c:0e:6a:63:1a:16:af:9e:28:93:40:39:23:bf:d0: >> 77:9c:b7:80:d3:c3:42:d8:27:db:d7:4b:e5:3f:b4: >> d2:ad:57:c2:01:73:c8:45:26:f1:00:93:50:3e:cf: >> 7a:2d:25:d5:43:b6:a7:75:a1:ef:58:f9:c9:11:e8: >> 09:1d >> Exponent: 65537 (0x10001) >> >> 2016-10-24 5:49 GMT+02:00 Fil Di Noto <[email protected]>: >> >>> Hi, >>> >>> Can you give an example of what's different between the two subjects? >>> >>> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere < >>> [email protected]> wrote: >>> >>>> Does somebody have an idea how to replace our certificates when the new >>>> ROOT ca certificate has a different subject? >>>> The UI is down because of this. >>>> >>>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere <[email protected] >>>> >: >>>> >>>>> Hello, >>>>> >>>>> When installing FreeIPA we used the CA from our Windows servers. >>>>> This one recently expired and we created a new one. It seems that the >>>>> new root CA has another subject name and this seems to be an issue when we >>>>> want to install new certs on our FreeIPA hosts. >>>>> >>>>> ipa-cacert-manage install certnew.pem -n mycert -t C,, >>>>> >>>>> Installing CA certificate, please wait >>>>> Failed to install the certificate: subject public key info mismatch >>>>> >>>>> After validating the subjects are indeed different. >>>>> >>>>> How can we replace the required certs for dirsrv and http when the ca >>>>> is not installable? >>>>> >>>>> Kind Regards, >>>>> >>>>> David >>>>> >>>>> >>>>> >>>> >>>> -- >>>> Manage your subscription for the Freeipa-users mailing list: >>>> https://www.redhat.com/mailman/listinfo/freeipa-users >>>> Go to http://freeipa.org for more info on the project >>>> >>> >>> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project
