[Freeipa-users] Switch certificates from external CA to internal

Florence Blanc-Renaud flo at redhat.com
Thu Jan 12 15:46:21 UTC 2017


On 01/12/2017 02:57 PM, Jeff Goddard wrote:
> I've had issues with expired certificates. In the course of
> troubleshooting I've somehow set the CAs to external. Is there a way I
> can switch back?
>
> [root@id-management-1 conf]# getcert list-cas
> CA 'SelfSign':
>         is-default: no
>         ca-type: INTERNAL:SELF
>         next-serial-number: 01
> CA 'IPA':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/ipa-server-guard /usr/libexec/certmonger/ipa-submit
> CA 'certmaster':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/certmaster-submit
> CA 'dogtag-ipa-renew-agent':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/ipa-server-guard /usr/libexec/certmonger/dogtag-ipa-renew-agent-submit
> CA 'local':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/local-submit
> CA 'dogtag-ipa-ca-renew-agent':
>         is-default: no
>         ca-type: EXTERNAL
>         helper-location: /usr/libexec/certmonger/dogtag-ipa-ca-renew-agent-submit -vv
>
> Thanks,
>
> Jeff
>
>
>
Hi Jeff,

the following documentation explains how to change the certificate chain 
from externally-signed to self-signed:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Linux_Domain_Identity_Authentication_and_Policy_Guide/change-cert-chaining.html

HTH,
Flo.
