<div dir="ltr">Does anybody have a clue on how to continue with this?<div><br></div><div>Kind Regards,</div><div><br></div><div>David</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-10-24 10:10 GMT+02:00 David Dejaeghere <span dir="ltr"><<a href="mailto:david.dejaeghere@gmail.com" target="_blank">david.dejaeghere@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">These are both the subjects for the old and new root ca cert.<div><br></div><div><div> Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,<wbr>DC=local"</div><div> Subject Public Key Info:</div><div> Public Key Algorithm: PKCS #1 RSA Encryption</div><div> RSA Public Key:</div><div> Modulus:</div><div> d5:51:19:a0:7e:2f:b6:4b:cb:71:<wbr>42:cb:38:bc:50:0a:</div><div> 18:16:58:07:11:c6:d3:ea:66:91:<wbr>a8:52:02:54:93:28:</div><div> 78:a1:89:36:7a:0f:1e:2a:35:8a:<wbr>da:85:05:c4:fe:de:</div><div> e8:6a:e8:fd:1b:89:44:8f:8c:62:<wbr>d6:56:f7:9e:16:d5:</div><div> fd:b4:44:65:71:4f:1a:7d:d6:28:<wbr>2d:5e:ad:c9:da:60:</div><div> 54:98:02:87:d9:43:62:ab:1b:93:<wbr>c1:af:0b:b9:80:2e:</div><div> 08:f0:65:46:bf:de:78:c5:d2:19:<wbr>b8:07:52:d6:01:ab:</div><div> d0:b2:7d:0a:7f:9f:fa:e8:8c:55:<wbr>86:e0:d3:d5:ef:e7:</div><div> ad:6a:12:a2:b8:75:be:93:c2:05:<wbr>df:99:a9:d8:a2:cc:</div><div> 7c:2b:49:d6:a3:65:0c:c8:ef:c3:<wbr>a4:b6:f6:86:1d:c2:</div><div> 56:56:1b:0d:70:7a:67:15:49:2f:<wbr>b7:92:8e:2a:94:57:</div><div> 53:26:ef:9a:af:89:fe:cb:1e:e7:<wbr>ac:72:9a:cd:b4:22:</div><div> b1:22:02:fd:95:23:e0:65:d0:36:<wbr>e8:e1:88:2b:35:02:</div><div> 99:1c:ee:84:10:80:84:a8:e5:61:<wbr>04:6b:a3:6b:da:c5:</div><div> 49:36:ef:f6:48:09:2c:0d:7c:b2:<wbr>52:4f:a6:72:cc:e6:</div><div> 30:b5:dd:a0:5b:0e:96:49:78:9d:<wbr>1e:27:4e:02:40:a1</div><div> Exponent: 65537 (0x10001)</div><div><br></div><div> Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA</div><div> Subject Public Key Info:</div><div> Public Key Algorithm: rsaEncryption</div><div> Public-Key: (2048 bit)</div><div> Modulus:</div><div> 00:ae:32:35:fa:b5:f4:2d:b8:0c:<wbr>c3:d9:b0:9f:a8:</div><div> 5d:21:90:58:a9:79:79:7d:85:7e:<wbr>f1:f2:36:9d:ef:</div><div> 9f:8c:a8:3a:bf:57:5c:2e:6b:5d:<wbr>2e:91:ba:c6:b7:</div><div> b2:b1:dd:45:de:e6:d4:fe:01:f4:<wbr>d2:bd:99:9f:9a:</div><div> 71:1d:d4:e4:a7:cd:9e:f3:36:a7:<wbr>a0:73:55:6b:04:</div><div> 66:ab:c3:63:b3:41:06:ac:c8:c8:<wbr>3a:4c:eb:83:78:</div><div> 6e:e8:b6:0f:94:fa:a8:7e:7d:89:<wbr>44:d1:bd:be:14:</div><div> df:0c:ce:4d:b4:e6:0a:e2:d7:84:<wbr>95:4b:a1:3e:53:</div><div> c9:04:3f:7b:de:1b:fd:7b:b5:b0:<wbr>69:3b:f9:f2:b5:</div><div> a7:fe:6d:9d:62:6e:9a:fc:1e:32:<wbr>69:ad:4c:ae:e3:</div><div> 61:dd:92:99:34:4b:bf:6b:02:88:<wbr>18:88:a2:0f:ca:</div><div> e8:6e:91:f0:e6:2e:4d:83:f6:05:<wbr>7e:ed:f2:f1:3e:</div><div> b2:36:3f:de:3f:db:93:73:5b:60:<wbr>ee:8c:48:e0:c0:</div><div> 4c:0e:6a:63:1a:16:af:9e:28:93:<wbr>40:39:23:bf:d0:</div><div> 77:9c:b7:80:d3:c3:42:d8:27:db:<wbr>d7:4b:e5:3f:b4:</div><div> d2:ad:57:c2:01:73:c8:45:26:f1:<wbr>00:93:50:3e:cf:</div><div> 7a:2d:25:d5:43:b6:a7:75:a1:ef:<wbr>58:f9:c9:11:e8:</div><div> 09:1d</div><div> Exponent: 65537 (0x10001)</div></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2016-10-24 5:49 GMT+02:00 Fil Di Noto <span dir="ltr"><<a href="mailto:fdinoto@gmail.com" target="_blank">fdinoto@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hi,<div><br></div><div>Can you give an example of what's different between the two subjects?</div></div><div class="gmail_extra"><br><div class="gmail_quote"><div><div class="m_-8502744259752002475h5">On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere <span dir="ltr"><<a href="mailto:david.dejaeghere@gmail.com" target="_blank">david.dejaeghere@gmail.com</a>></span> wrote:<br></div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div class="m_-8502744259752002475h5"><div dir="ltr">Does somebody have an idea how to replace our certificates when the new ROOT ca certificate has a different subject?<div>The UI is down because of this.</div></div><div class="gmail_extra"><br><div class="gmail_quote">2016-10-19 11:42 GMT+02:00 David Dejaeghere <span dir="ltr"><<a href="mailto:david.dejaeghere@gmail.com" target="_blank">david.dejaeghere@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Hello,<div><br></div><div>When installing FreeIPA we used the CA from our Windows servers.</div><div>This one recently expired and we created a new one. It seems that the new root CA has another subject name and this seems to be an issue when we want to install new certs on our FreeIPA hosts.</div><div><br></div><div><div>ipa-cacert-manage install certnew.pem -n mycert -t C,,</div><div><br></div><div>Installing CA certificate, please wait</div><div>Failed to install the certificate: subject public key info mismatch</div></div><div><br></div><div>After validating the subjects are indeed different.</div><div><br></div><div>How can we replace the required certs for dirsrv and http when the ca is not installable?<br><br>Kind Regards,</div><div><br></div><div>David</div><div><br></div><div><br></div></div>
</blockquote></div><br></div>
<br></div></div><span class="m_-8502744259752002475HOEnZb"><font color="#888888">--<br>
Manage your subscription for the Freeipa-users mailing list:<br>
<a href="https://www.redhat.com/mailman/listinfo/freeipa-users" rel="noreferrer" target="_blank">https://www.redhat.com/mailman<wbr>/listinfo/freeipa-users</a><br>
Go to <a href="http://freeipa.org" rel="noreferrer" target="_blank">http://freeipa.org</a> for more info on the project<br></font></span></blockquote></div><br></div>
</blockquote></div><br></div>
</div></div></blockquote></div><br></div>