"Failed to install the certificate: subject public key info mismatch" error when installing third-party CA certificate in IPA

Solution In Progress - Updated -

Issue

Our IPA certificate authority (CA) is externally-signed by a root authority which was been superseded, or we are not using IPA's CA at all and use a third-party CA for issuing our certificates.

When we use the ipa-cacert-manage renew command to replace the superseded root CA certificate with the new root CA certificate, the following error message is returned:

[root@ipaserver1 ~]# ipa-cacert-manage -n 'Internal Root CA' -t C,, install ca-chain.pem_orig
Installing CA certificate, please wait
Failed to install the certificate: subject public key info mismatch
The ipa-cacert-manage command failed.

Environment

Red Hat Enterprise Linux 7
IPAv4 in a CA-less configuration or with an externally signed IPA CA certificate

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content