Hi, On Wed, Oct 18, 2023 at 4:11 PM Frederic Ayrault <[email protected]> wrote:
> Bonjour, > > Le 18/10/2023 à 15:33, Florence Blanc-Renaud a écrit : > > Hi, > > > CNRS2 and CNRS2-Standard are part of the CA chain that issued your HTTP > and LDAP server certificates, they should not be removed. > When you install a new embedded IPA CA, it doesn't replace the existing > HTTP and LDAP server certificates with new ones issued by IPA CA. You will > be able to remove CNRS2 and CNRS2-standard (IF you don't use any other cert > issued by them) only when the HTTP and LDAP server certs are replaced with > new ones issued by IPA CA (which is a manual operation). > > > I was thinking/hoping the new IPA CA will replace the old one :-( > > How should I proceed ? > > The process is documented in https://access.redhat.com/documentation/fr-fr/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/replace-http-ldap-cert#doc-wrapper You need to follow the steps using the integrated CA (the new one that you installed with ipa-ca-install). flo flo > > > > Thank you > > Regards, > > Frederic > >
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
