We have IdM / FreeIPA running on RHEL 7 boxes.
This is a 6-node cluster that has an existing 1-way trust back to Active 
Directory.

IdM is still acting as the CA for its own clients, and when we set up the trust, 
we used the following command:
ipa trust-add --type=ad example.com --admin admin_user

We just learned very recently that our Active Directory team is generating and 
installing a new Root CA certificate into AD.
That is happening tonight at 9pm.

The existing Root CA will remain in place until it expires in about 1 month.

Is there anything that we will have to do to IdM to get it to trust the new 
certificate?
Even though the existing Root CA should remain in place for the next month, is 
there any chance something will break tonight when the new Root certificate is 
installed?

I know we would be facing a lot more work, had we used AD’s Root CA for the 
client connections. So I feel fortunate in that regard.

