26.3. Installing a CA Certificate Manually
To install a new certificate to IdM, use the ipa-cacert-manage install command. For example, the command allows you to change the current certificate when it is nearing its expiration date.
- Run the ipa-cacert-manage install command, and specify the path to the file containing the certificate. The command accepts PEM-formatted certificate files:
  [root@server ~]# ipa-cacert-manage install /etc/group/cert.pem
  The certificate is now present in the LDAP certificate store.
- Run the ipa-certupdate utility on all servers and clients to update them with the information about the new certificate from LDAP. You must run ipa-certupdate on every server and client separately.

Important
Always run ipa-certupdate after manually installing a certificate. If you do not, the certificate will not be distributed to the other machines.
The ipa-cacert-manage install command can take the following options:
- -n
  gives the nickname of the certificate; the default value is the subject name of the certificate
- -t
  specifies the trust flags for the certificate in the certutil format; the default value is C,,. For information about the format in which to specify the trust flags, see the ipa-cacert-manage(1) man page.
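
A pre-flight check that can be run before the procedure above, as an added example that is not part of the Red Hat documentation or of IdM: it confirms that the file is PEM-encoded, carries basicConstraints CA:TRUE, and is not itself close to expiry, then prints the subject (the default nickname). The function name check_ca_pem, its return codes and the 30-day threshold are assumptions made for this example.

```bash
#!/bin/sh
# Added example: validate a CA certificate file before running
# "ipa-cacert-manage install". check_ca_pem is a hypothetical helper,
# not an IdM command.
#
# Usage:   check_ca_pem FILE [MIN_DAYS_LEFT]   (default: 30 days)
# Returns: 0 usable CA certificate, 1 rejected, 2 unreadable file,
#          3 openssl not installed
check_ca_pem() {
    local file="$1" min_days="${2:-30}" text

    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    command -v openssl >/dev/null 2>&1 || { echo "openssl not found" >&2; return 3; }

    # -inform PEM rejects DER and any other encoding.
    # Only the first certificate in the file is examined.
    text=$(openssl x509 -inform PEM -in "$file" -noout -text 2>/dev/null) || {
        echo "$file is not a PEM-encoded X.509 certificate" >&2
        return 1
    }

    # A certificate without basicConstraints CA:TRUE cannot act as a CA.
    case "$text" in
        *CA:TRUE*) ;;
        *) echo "$file is not a CA certificate (no CA:TRUE)" >&2; return 1 ;;
    esac

    # -checkend N exits non-zero if the certificate expires within N seconds,
    # which catches a replacement that is itself near its expiration date.
    openssl x509 -inform PEM -in "$file" -noout \
        -checkend $((min_days * 86400)) >/dev/null || {
        echo "$file expires within $min_days days" >&2
        return 1
    }

    # The subject is the default nickname when -n is not given.
    openssl x509 -inform PEM -in "$file" -noout -subject -enddate
}
```

Source the file and call check_ca_pem with the certificate path; a zero exit status means the file passed all three checks.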
