Our IPA certificate authority (CA) is externally-signed by a root authority which was been superseded, or we are not using IPA's CA at all and use a third-party CA for issuing our certificates.
When we use the
ipa-cacert-manage renew command to replace the superseded root CA certificate with the new root CA certificate, the following error message is returned:
[root@ipaserver1 ~]# ipa-cacert-manage -n 'Internal Root CA' -t C,, install ca-chain.pem_orig Installing CA certificate, please wait Failed to install the certificate: subject public key info mismatch The ipa-cacert-manage command failed.
Red Hat Enterprise Linux 7
IPAv4 in a CA-less configuration or with an externally signed IPA CA certificate
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.