[Freeipa-users] is ipa-cert-manage safe to use?

Harald Dunkel harald.dunkel at aixigo.de
Mon May 15 11:53:15 UTC 2017

Hi folks,

I have to renew (or replace) the externally signed certificate
on my ipa servers using a new CA. Apparently the tool of choice
is ipa-cacert-manage.

Of course I found https://www.freeipa.org/page/Howto/CA_Certificate_Renewal.
Problem is, I cannot estimate the risk and if it's worth the effort.
What happens to freeipa if ipa-cacert-manage fails miserably? Does it
affect the LDAP database or Kerberos? Will it break the connection
between my ipa servers or between servers and clients?

Would you suggest to forget all the "CA stuff" in freeipa and manage
the certificates externally?

The platform of the ipa servers is CentOS 7.3. There are 100+
Debian and RedHat clients using freeipa 4.4.3 and 4.0.5 and 3.0.2.

I am highly concerned. Every helpful comment is appreciated.
