Dealing with expiring IDM CA certificates on Red Hat Enterprise Linux 6 and 7

Issue

An IDM domain installed on RHEL 6.10 has a twenty-year CA certificate lifetime, but older RHEL 6 IDM versions set a Certificate Authority lifetime of eight years.
RHEL 6.0 was released in 2010, so the CA certificates of some of the first IDM installs are now set to expire in the coming years. Moreover, RHEL 6 Maintenance Phase 2 ends November 30, 2020. The migration of the IDM servers to RHEL 7 must also be done within that time frame.
Clusters migrated from an older RHEL 6 to RHEL 7 or even RHEL 8 will exhibit the same issue unless corrective action is taken.
The CA renewal and certificate renewal tooling shipped in RHEL 7.7 makes this easier.

Environment

  • Red Hat Enterprise Linux (RHEL) 6, 7, 8
  • Red Hat Identity Management (IDM) originally installed on RHEL 6
  • IDM CA self-signed certificate expiring "soon" or already expired
