Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

26.4. Changing the Certificate Chain

You can modify the certificate chain by renewing the CA certificate using the ipa-cacert-manage renew.
Self-signed CA certificate → externally-signed CA certificate
Add the --external-ca option to ipa-cacert-manage renew. This renews the self-signed CA certificate as an externally-signed CA certificate.
For details on running the command with this option, see Section 26.2.2, “Renewing CA Certificates Manually”.
Externally-signed CA certificate → self-signed CA certificate
Add the --self-signed option to ipa-cacert-manage renew. This renew the externally-signed CA certificate as a self-signed CA certificate.