Hi, On Sun 6 Jul 2025 at 23:46, Kathy Zhu via FreeIPA-users < [email protected]> wrote:
> Hello team, > > From my reading, it is possible to migrate IPA from a self signed root CA > to an external signed one, after the migration, I know: > > 1. all IPA clients should "ipa-certupdate" to get the new CA > > I do not know: > > 1. what will happen to the SSL certificates issued with the old self > signed root CA? > > The new CA is signed externally but is still based on the same private key. Certificates issued by the old CA are still valid and can still be used. > 1. > 2. what will happen to the subCA issued with the old self signed root > CA? > > Same answer, subcas signed by the old CA are still valid. flo > > 1. > > Could someone share the answers? Thanks. > > Kathy. > -- > _______________________________________________ > FreeIPA-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue >
-- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
