[Freeipa-users] ipa-cacert-manage install failing with subject public key info mismatch
David Dejaeghere
david.dejaeghere at gmail.com
Wed Oct 26 11:43:09 UTC 2016
Does anybody have a clue on how to continue with this?
Kind Regards,
David
2016-10-24 10:10 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com>:
> These are both the subjects for the old and new root ca cert.
>
> Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local"
> Subject Public Key Info:
> Public Key Algorithm: PKCS #1 RSA Encryption
> RSA Public Key:
> Modulus:
> d5:51:19:a0:7e:2f:b6:4b:cb:71:42:cb:38:bc:50:0a:
> 18:16:58:07:11:c6:d3:ea:66:91:a8:52:02:54:93:28:
> 78:a1:89:36:7a:0f:1e:2a:35:8a:da:85:05:c4:fe:de:
> e8:6a:e8:fd:1b:89:44:8f:8c:62:d6:56:f7:9e:16:d5:
> fd:b4:44:65:71:4f:1a:7d:d6:28:2d:5e:ad:c9:da:60:
> 54:98:02:87:d9:43:62:ab:1b:93:c1:af:0b:b9:80:2e:
> 08:f0:65:46:bf:de:78:c5:d2:19:b8:07:52:d6:01:ab:
> d0:b2:7d:0a:7f:9f:fa:e8:8c:55:86:e0:d3:d5:ef:e7:
> ad:6a:12:a2:b8:75:be:93:c2:05:df:99:a9:d8:a2:cc:
> 7c:2b:49:d6:a3:65:0c:c8:ef:c3:a4:b6:f6:86:1d:c2:
> 56:56:1b:0d:70:7a:67:15:49:2f:b7:92:8e:2a:94:57:
> 53:26:ef:9a:af:89:fe:cb:1e:e7:ac:72:9a:cd:b4:22:
> b1:22:02:fd:95:23:e0:65:d0:36:e8:e1:88:2b:35:02:
> 99:1c:ee:84:10:80:84:a8:e5:61:04:6b:a3:6b:da:c5:
> 49:36:ef:f6:48:09:2c:0d:7c:b2:52:4f:a6:72:cc:e6:
> 30:b5:dd:a0:5b:0e:96:49:78:9d:1e:27:4e:02:40:a1
> Exponent: 65537 (0x10001)
>
> Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA
> Subject Public Key Info:
> Public Key Algorithm: rsaEncryption
> Public-Key: (2048 bit)
> Modulus:
> 00:ae:32:35:fa:b5:f4:2d:b8:0c:c3:d9:b0:9f:a8:
> 5d:21:90:58:a9:79:79:7d:85:7e:f1:f2:36:9d:ef:
> 9f:8c:a8:3a:bf:57:5c:2e:6b:5d:2e:91:ba:c6:b7:
> b2:b1:dd:45:de:e6:d4:fe:01:f4:d2:bd:99:9f:9a:
> 71:1d:d4:e4:a7:cd:9e:f3:36:a7:a0:73:55:6b:04:
> 66:ab:c3:63:b3:41:06:ac:c8:c8:3a:4c:eb:83:78:
> 6e:e8:b6:0f:94:fa:a8:7e:7d:89:44:d1:bd:be:14:
> df:0c:ce:4d:b4:e6:0a:e2:d7:84:95:4b:a1:3e:53:
> c9:04:3f:7b:de:1b:fd:7b:b5:b0:69:3b:f9:f2:b5:
> a7:fe:6d:9d:62:6e:9a:fc:1e:32:69:ad:4c:ae:e3:
> 61:dd:92:99:34:4b:bf:6b:02:88:18:88:a2:0f:ca:
> e8:6e:91:f0:e6:2e:4d:83:f6:05:7e:ed:f2:f1:3e:
> b2:36:3f:de:3f:db:93:73:5b:60:ee:8c:48:e0:c0:
> 4c:0e:6a:63:1a:16:af:9e:28:93:40:39:23:bf:d0:
> 77:9c:b7:80:d3:c3:42:d8:27:db:d7:4b:e5:3f:b4:
> d2:ad:57:c2:01:73:c8:45:26:f1:00:93:50:3e:cf:
> 7a:2d:25:d5:43:b6:a7:75:a1:ef:58:f9:c9:11:e8:
> 09:1d
> Exponent: 65537 (0x10001)
>
> 2016-10-24 5:49 GMT+02:00 Fil Di Noto <fdinoto at gmail.com>:
>
>> Hi,
>>
>> Can you give an example of what's different between the two subjects?
>>
>> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <
>> david.dejaeghere at gmail.com> wrote:
>>
>>> Does somebody have an idea how to replace our certificates when the new
>>> ROOT ca certificate has a different subject?
>>> The UI is down because of this.
>>>
>>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere <david.dejaeghere at gmail.com>
>>> :
>>>
>>>> Hello,
>>>>
>>>> When installing FreeIPA we used the CA from our Windows servers.
>>>> This one recently expired and we created a new one. It seems that the
>>>> new root CA has another subject name and this seems to be an issue when we
>>>> want to install new certs on our FreeIPA hosts.
>>>>
>>>> ipa-cacert-manage install certnew.pem -n mycert -t C,,
>>>>
>>>> Installing CA certificate, please wait
>>>> Failed to install the certificate: subject public key info mismatch
>>>>
>>>> After validating the subjects are indeed different.
>>>>
>>>> How can we replace the required certs for dirsrv and http when the ca
>>>> is not installable?
>>>>
>>>> Kind Regards,
>>>>
>>>> David
>>>>
>>>>
>>>>
>>>
>>> --
>>> Manage your subscription for the Freeipa-users mailing list:
>>> https://www.redhat.com/mailman/listinfo/freeipa-users
>>> Go to http://freeipa.org for more info on the project
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20161026/573e3fc3/attachment.htm>
More information about the Freeipa-users
mailing list