"Failed to install the certificate: subject public key info mismatch" error when installing third-party CA certificate in IPA

Solution In Progress - Updated 2017-11-21T09:39:04+00:00 -

Issue

Our IPA certificate authority (CA) is externally-signed by a root authority which was been superseded, or we are not using IPA's CA at all and use a third-party CA for issuing our certificates.

When we use the ipa-cacert-manage renew command to replace the superseded root CA certificate with the new root CA certificate, the following error message is returned:

[root@ipaserver1 ~]# ipa-cacert-manage -n 'Internal Root CA' -t C,, install ca-chain.pem_orig
Installing CA certificate, please wait
Failed to install the certificate: subject public key info mismatch
The ipa-cacert-manage command failed.

Environment

Red Hat Enterprise Linux 7
IPAv4 in a CA-less configuration or with an externally signed IPA CA certificate

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

New to Red Hat?

Learn more about Red Hat subscriptions

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories