"Failed to install the certificate: subject public key info mismatch" error when installing third-party CA certificate in IPA
Issue
Our IPA certificate authority (CA) is externally-signed by a root authority which was been superseded, or we are not using IPA's CA at all and use a third-party CA for issuing our certificates.
When we use the ipa-cacert-manage renew
command to replace the superseded root CA certificate with the new root CA certificate, the following error message is returned:
[root@ipaserver1 ~]# ipa-cacert-manage -n 'Internal Root CA' -t C,, install ca-chain.pem_orig
Installing CA certificate, please wait
Failed to install the certificate: subject public key info mismatch
The ipa-cacert-manage command failed.
Environment
Red Hat Enterprise Linux 7
IPAv4 in a CA-less configuration or with an externally signed IPA CA certificate
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.