Red Hat Training
A Red Hat training course is available for Red Hat Enterprise Linux
26.4. Changing the Certificate Chain
You can modify the certificate chain by renewing the CA certificate using the ipa-cacert-manage renew.
- Self-signed CA certificate → externally-signed CA certificate
- Add the
--external-ca
option to ipa-cacert-manage renew. This renews the self-signed CA certificate as an externally-signed CA certificate.For details on running the command with this option, see Section 26.2.2, “Renewing CA Certificates Manually”. - Externally-signed CA certificate → self-signed CA certificate
- Add the
--self-signed
option to ipa-cacert-manage renew. This renew the externally-signed CA certificate as a self-signed CA certificate.