[Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch
Fil Di Noto
fdinoto at gmail.com
Mon Oct 24 03:49:37 UTC 2016
Hi,
Can you give an example of what's different between the two subjects?
On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
david.dejaeghere at gmail.com> wrote:
> Does somebody have an idea how to replace our certificates when the new
> ROOT ca certificate has a different subject?
> The UI is down because of this.
>
> 2016-10-19 11:42 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com>:
>
>> Hello,
>>
>> When installing FreeIPA we used the CA from our Windows servers.
>> This one recently expired and we created a new one. It seems that the
>> new root CA has another subject name and this seems to be an issue when we
>> want to install new certs on our FreeIPA hosts.
>>
>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>
>> Installing CA certificate, please wait
>> Failed to install the certificate: subject public key info mismatch
>>
>> After validating the subjects are indeed different.
>>
>> How can we replace the required certs for dirsrv and http when the ca is
>> not installable?
>>
>> Kind Regards,
>>
>> David
>>
>>
>>
>
> --
> Manage your subscription for the Freeipa-users mailing list:
> https://www.redhat.com/mailman/listinfo/freeipa-users
> Go to http://freeipa.org for more info on the project
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161023/45bea409/attachment.htm>
More information about the Freeipa-users
mailing list