Hi,

On Thu, Feb 6, 2025 at 12:18 PM N. V. via FreeIPA-users <
freeipa-users@lists.fedorahosted.org> wrote:

> Hi,
>
> In our FreeIPA deployment we need to find a way to rekey the self-signed
> root CA and afterwards update the chain and the certificates all the way
> down. I have been unable to find detailed instructions in the official
> documentation or through my own research, so I am reaching out for guidance.
>
> Could someone please provide instructions or point me to any relevant
> resources on how to properly rekey the self-signed root CA in FreeIPA? Any
> advice, tips, or potential pitfalls to avoid during this process would be
> greatly appreciated.
>

Unfortunately we don't have any solution yet for this type of request.
Please read more in *Bug 1873696*
<https://bugzilla.redhat.com/show_bug.cgi?id=1873696> - [RFE] Need an
option to replace the root CA key with another key with 3072 bits

It would require cross-signing the old CA with the new one, but we never
managed to find time to investigate this possibility.
flo

> Thank you in advance for your assistance!
>
> Nelson V.
> --
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>