The ipa-cert-fix utility has been added to renew system certificates when IdM is offline. For details, see Section 26.2.3, “Renewing Expired System Certificates When IdM is Offline”.

IdM now supports IP addresses in the SAN extension of certificates: in certain situations, administrators need to issue certificates with an IP address in the Subject Alternative Name (SAN) extension. Starting with this release, administrators can set an IP address in the SAN extension if the address is managed in the IdM DNS service and associated with the subject host or service principal.

For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.7 Release Notes:

For changes in this release, see the following sections in the Red Hat Enterprise Linux 7.6 Release Notes:

For changes in this release, see the following sections in the Red Hat Enterprise Linux 7.5 Release Notes:

This version changed the SSL back end for client HTTPS connections from Network Security Services (NSS) to OpenSSL. As a consequence, the Registration Authority (RA) stores now its certificate in the /var/lib/ipa/ directory instead of an NSS database.

For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.4 Release Notes:

The new ipa replica-manage clean-dangling-ruv command enables administrators to remove all relative update vectors (RUV) from an uninstalled replica.

The new ipa server-del command enables administrators to uninstall an IdM server.

The following commands introduced in this version enable administrators to manage IdM Certificate Authorities (CA):

The following commands introduced in this version replace the ipa-replica manage command to manage replication agreements:

The following commands introduced in this version enable administrators to display a list of IdM servers stored in the cn=masters,cn=ipa,cn=etc,domain_suffix entry:

The certmonger helper scripts have been moved from the /usr/lib64/ipa/certmonger/ to the /usr/libexec/ipa/certmonger/ directory.

This version introduced domain levels and the following commands to display and set the domain level:

For further changes in this release, see the following sections in the Red Hat Enterprise Linux 7.3 Release Notes:

Support for multiple certificate profiles and user certificates: Identity Management now supports multiple profiles for issuing server and other certificates instead of only supporting a single server certificate profile. The profiles are stored in the Directory Server and shared between IdM replicas. In addition, the administrator can now issue certificates to individual users. Previously, it was only possible to issue certificates to hosts and services.

For further changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.2 Release Notes.

The following commands introduced in this version replace the ipa-getkeytab -r command to retrieve keytabs and set retrieval permissions:

For further changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.1 Release Notes.

For changes in this release, see the New Features - Authentication and Interoperability section in the Red Hat Enterprise Linux 7.0 Release Notes.