[Freeipa-users] FreeIPA / Change SSL Certificate for Web Server
Florence Blanc-Renaud
flo at redhat.com
Fri Jul 22 07:06:18 UTC 2016
On 07/22/2016 05:08 AM, Devin Acosta wrote:
>
> I have just installed a newly created FreeIPA server running CentOS 7.2.
> I have a (wildcard) SSL Certificate that I want to use for the FreeIPA
> Web Management GUI. I tried to follow the directions listed here at the
> URL
> of https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
> however when I run those steps I get the error message:
>
> ipa-server-certinstall -w -d star.linuxstack.cloud.key
> star.linuxstack.cloud.crt
> Directory Manager password:
>
> Enter private key unlock password:
>
> org.fedorahosted.certmonger.duplicate: Certificate at same location is
> already used by request with nickname "20160722021526".
>
> Any ideas? It seems like I need to somehow just get the one installed by
> default replaced. I don't see any information on how to just replace it?
>
>
>
>
Hi Devin,
you may be hitting issue 4785 [1]. When ipa-server-certinstall is run,
it does not stop tracking the previous server certificate and fails to
start tracking the new cert.
As a side note, with -w -d you are replacing both the directory server
certificate and the Web Management GUI certificate. If you only want to
replace the web cert, you can drop the -d option.
Flo.
[1] https://fedorahosted.org/freeipa/ticket/4785
More information about the Freeipa-users
mailing list