[Freeipa-users] Need to replace cert for ipa servers

[sipazzo]

Good afternoon, we have a freeipa 3.0.42 installation running on redhead 6.6 with a mix of rhel 5, rhel6 and Solaris clients. It was originally configured with the built in dogtag certificate CA and then one of my co-workers added our GoDaddy certificate to the certificate bundle. My understanding is this cert is used for communication between the ipa servers as well as the clients are also configured to trust the GoDaddy certificate. We recently had to get a new GoDaddy cert so our old one is revoked. I need to figure out how to either replace the existing revoked cert with the new one or add the new one to the bundle and then remove the revoked certificate so as not to break anything.
Any help is appreciated. I am not strong with certificates so the more detail you can give the better.Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150304/b7e98d69/attachment.htm>