[Freeipa-users] change CA subject or "friendly name"?
Fraser Tweedale
ftweedal at redhat.com
Mon Apr 11 23:08:32 UTC 2016
On Mon, Apr 11, 2016 at 11:43:17AM -0400, Anthony Clark wrote:
> Hello All,
>
> I'm in the process of deploying FreeIPA 4 in a development environment.
> One of my testers has imported the ca.pem file into Windows, and indicates
> that it displays as:
>
> Issued to: Certificate Authority
> Issued by: Certificate Authority
> Friendly Name: <None>
>
> This will unfortunately cause confusion among certain end users, so I was
> wondering if there's a way to change those attributes?
>
> Ideally without reinstalling everything, but thankfully we're still early
> in the process so it's OK if do blow everything away.
>
> Do I need to generate a new CA outside of FreeIPA and then use
> ipa-cacert-manage to "renew" the base CA?
>
> Thanks,
>
> Anthony Clark
Hi Anthony,
After a brief investigation it appears that ``Friendly Name'' is a
property that can be set in a Windows certificate store, and is not
part of, or derived from, the certificate itself.
Here are a couple of TechNet articles that might help:
- https://technet.microsoft.com/en-us/library/cc740218%28v=ws.10%29.aspx
- https://blogs.technet.microsoft.com/pki/2008/12/12/defining-the-friendly-name-certificate-property/
Cheers,
Fraser
More information about the Freeipa-users
mailing list