26.3. Installing a CA Certificate Manually

To install a new certificate to IdM, use the ipa-cacert-manage install command. For example, the command allows you to change the current certificate when it is nearing its expiration date.

Run the ipa-cacert-manage install command, and specify the path to the file containing the certificate. The command accepts PEM-formatted certificate files:
```
[root@server ~]# ipa-cacert-manage install /etc/group/cert.pem
```
The certificate is now present in the LDAP certificate store.
Run the ipa-certupdate utility on all servers and clients to update them with the information about the new certificate from LDAP. You must run ipa-certupdate on every server and client separately.
Important
Always run ipa-certupdate after manually installing a certificate. If you do not, the certificate will not be distributed to the other machines.

The ipa-cacert-manage install command can take the following options:

-n: gives the nickname of the certificate; the default value is the subject name of the certificate
-t: specifies the trust flags for the certificate in the certutil format; the default value is C,,. For information about the format in which to specify the trust flags, see the ipa-cacert-manage(1) man page.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

Services

Tools

Red Hat Insights

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

26.3. Installing a CA Certificate Manually