[Freeipa-users] Renewing an externally signed HTTP/LDAP certificate

Rob Crittenden rcritten at redhat.com
Mon Mar 21 19:47:21 UTC 2016


Joseph Timothy Foley wrote:
> I just discovered that the certificate on ipa2.cs.ru.is is good to August,
> so I have a little bit of breathing room.  That said, the ipa.cs.ru.is
> certificate will expire on March 23, so I need to update it.

The process to get a new cert is pretty much the same as when you obtained 
the original, assuming you kept the original CSR. You'd re-submit that to 
StartSSL and they will provide a new certificate in PEM format.

Add that to the relevant database via:

# certutil -A -n "Server-Cert" -d /path/to/db -t u,u,u -a -i /path/to/cert.pem

I can't give much more specific information without knowing if you are, 
for example, using the same cert/key for both 389-ds and Apache.

rob

> --
> Dr. Joseph T. Foley <foley at ru.is> Assistant Professor,  Reykjavik
> University +354-599-6569
>
>
>
> On 3/21/16 6:27 PM, "Joseph Timothy Foley" <foley at ru.is> wrote:
>
>> Hi there.
>> I set up an IPA 4.2.0 on RHEL7 service for our CS department on
>> ipa.cs.ru.is (temporarily down) and ipa2.cs.ru.is.
>> I used StartSSL to sign our certificate for HTTP and LDAP usage because I
>> didn't want our users to deal with the internal CA nor could we get the CA
>> certificate signed.  Problem is, I can't find any information on how to
>> get the new certificates installed on the running IPA server.  They expire
>> in 2 days, so I'm running out of time. Any help would be greatly
>> appreciated.
>>
>> I can only find information on how to set up these certificates on a brand
>> new IPA or replicant.  There isn't any obvious information on how to put
>> updated certificates into a running instance.
>>
>> Thanks in advance.
>>
>> Joe
>> --
>> Dr. Joseph T. Foley <foley at ru.is> Assistant Professor,  Reykjavik
>> University +354-599-6569
>
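
A pre-import check for the renewal described in this reply, as an added example that is not part of the original thread: it confirms that the certificate returned by the CA carries the same public key as the re-submitted CSR and is not about to expire, and only then runs the `certutil -A` command quoted above. The function names, the file arguments and the one-day validity threshold are assumptions, as is the availability of the `openssl` command line tool.

```bash
#!/bin/bash
# Added example: function names, arguments and thresholds are assumptions,
# not part of FreeIPA. Usage: script.sh DB_DIR CSR_FILE CERT_FILE

# Return 0 only if CERT holds the same public key as CSR and stays valid
# for at least MIN_SECONDS (default: one day).
check_renewed_cert() {  # usage: check_renewed_cert CSR CERT [MIN_SECONDS]
    local csr="$1" cert="$2" min_valid="${3:-86400}"
    local csr_key cert_key
    csr_key=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read CSR: $csr" >&2; return 2; }
    cert_key=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) ||
        { echo "cannot read certificate: $cert" >&2; return 2; }
    # The private key stays in the NSS database; a certificate issued for a
    # different key cannot be used by the server even if the import succeeds.
    if [ -z "$csr_key" ] || [ "$csr_key" != "$cert_key" ]; then
        echo "certificate public key does not match the CSR" >&2
        return 1
    fi
    # -checkend exits non-zero if the certificate expires within the window.
    if ! openssl x509 -in "$cert" -noout -checkend "$min_valid" >/dev/null; then
        echo "certificate expires within $min_valid seconds" >&2
        return 1
    fi
    return 0
}

# Import only after the checks pass, then list the entry that was stored.
import_renewed_cert() {  # usage: import_renewed_cert DB_DIR CSR CERT
    check_renewed_cert "$2" "$3" || return 1
    certutil -A -n "Server-Cert" -d "$1" -t u,u,u -a -i "$3" || return 1
    certutil -L -d "$1" -n "Server-Cert"
}

# Run the import only when all three arguments are supplied.
if [ "$#" -eq 3 ]; then
    import_renewed_cert "$1" "$2" "$3"
fi
```

If Apache and 389-ds use separate NSS databases, run it once per database with the matching `-d` directory.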



