How do I manually renew Identity Management (IPA) certificates on RHEL6 after they have expired? (Master IPA Server)

Solution Verified - Updated -


In normal operation it’s expected that renewal of IPA subsystem certificates is working smoothly starting with Red Hat Enterprise Linux 6.4 . Unfortunately in reality there are sometimes issues to renew those certificates and a manual recovery is necessary in case certificates are already expired.


  • Red Hat Enterprise Linux 6
  • Red Hat Identity Management (IPA) v3

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In