Happy new year, everyone. We have an unused letsencrypt CA cert and associated the DSTRootCAX3 cert installed on version 4.8.7. Due to firewall issues, we moved to a paid commercial cert (Comodo) for the https service. My question is, how can we remove the two unused CA certs? If we do so, is it necessary to update the clients with ipa-certupdate, or will the removal be transparent?
~]# ipa-cacert-manage list xxx.xxx.xxx.edu IPA CA DSTRootCAX3 letsencryptx3 CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US CN=InCommon RSA Server CA,OU=InCommon,O=Internet2,L=Ann Arbor,ST=MI,C=US The ipa-cacert-manage command was successful -Scott
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
