[Freeipa-users] Renewing an externally signed HTTP/LDAP certificate
Rob Crittenden
rcritten at redhat.com
Mon Mar 21 19:47:21 UTC 2016
Joseph Timothy Foley wrote:
> I just discovered that the certificate on ipa2.cs.ru.is is good to August,
> so I have a little bit of breathing room. That said, the ipa.cs.ru.is
> certificate will expire on March 23, so I need to update it.
The process to get a new cert is pretty much the same as you obtained
the original assuming you kept the original CSR. You'd re-submit that to
StartSSL and they will provide a new certificate in PEM format.
Add that to the relevant database via:
# certutil -A -n "Server-Cert" -d /path/to/db -t u,u,u -a -i /path/to
cert.pem
I can't give much more specific information without knowing if you are,
for example, using the came cert/key for both 389-ds and Apache.
rob
> --
> Dr. Joseph T. Foley <foley at ru.is> Assistant Professor, Reykjavik
> University +354-599-6569
>
>
>
> On 3/21/16 6:27 PM, "Joseph Timothy Foley" <foley at ru.is> wrote:
>
>> Hi there.
>> I setup an IPA4.2.0 on RHEL7 service for our CS department on
>> ipa.cs.ru.is(temporarily down) and ipa2.cs.ru.is
>> I used StartSSL to sign our certificate for HTTP and LDAP usage because I
>> didn't want our users to deal with the internal CA nor could we get the CA
>> certificate signed. Problem is, I can't find any information on how to
>> get the new certificates installed on the running IPA server. They expire
>> in 2 days, so I'm running out of time. Any help would be greatly
>> appreciated.
>>
>> I can only find information on how to setup these certificates on a brand
>> new IPA or replicant. There isn't any obvious information on how to put
>> updated certificates into a running instance.
>>
>> Thanks in advance.
>>
>> Joe
>> --
>> Dr. Joseph T. Foley <foley at ru.is> Assistant Professor, Reykjavik
>> University +354-599-6569
>>
>>
>>
>>
>> --
>> Manage your subscription for the Freeipa-users mailing list:
>> https://www.redhat.com/mailman/listinfo/freeipa-users
>> Go to http://freeipa.org for more info on the project
>
>
More information about the Freeipa-users
mailing list