Red Hat Training

A Red Hat training course is available for Red Hat Enterprise Linux

26.3. Installing a CA Certificate Manually

To install a new certificate to IdM, use the ipa-cacert-manage install command. For example, the command allows you to change the current certificate when it is nearing its expiration date.
  1. Run the ipa-cacert-manage install command, and specify the path to the file containing the certificate. The command accepts PEM-formatted certificate files:
    [root@server ~]# ipa-cacert-manage install /etc/group/cert.pem
    The certificate is now present in the LDAP certificate store.
  2. Run the ipa-certupdate utility on all servers and clients to update them with the information about the new certificate from LDAP. You must run ipa-certupdate on every server and client separately.


    Always run ipa-certupdate after manually installing a certificate. If you do not, the certificate will not be distributed to the other machines.
The ipa-cacert-manage install command can take the following options:
gives the nickname of the certificate; the default value is the subject name of the certificate
specifies the trust flags for the certificate in the certutil format; the default value is C,,. For information about the format in which to specify the trust flags, see the ipa-cacert-manage(1) man page.