[Freeipa-users] Rekey Self-signed CA

Greg Harris gharris at teamexpansion.org
Fri Apr 11 01:19:03 UTC 2014


> No worries then. The IPA CA (dogtag) uses NSS for crypto so there is no way the CA private key could have been exposed.
> 
> If you've issued SSL certs from the IPA CA for services running OpenSSL you could re-issue those to be on the safe side, but IPA itself uses only NSS on its servers.
> 
> rob
> 
Ok, that makes sense.  I figured out that the back end, dogtag, was using NSS, but it looked like the web GUI was using OpenSSL.  Re-issuing SSL certs for services looks simple enough through the GUI.  Thanks for your help.

All that aside, is there a way to rekey the IPA CA?  I’d hate to see the same type of vulnerability announced next week for NSS and not have any recourse.

Thank you.



