When IPA's CA certificate is close to expiry date, renewing it doesn't push forward the expiry date

Solution Verified - Updated -

Issue

If your IPA's signing CA certificate is close to it's expiry date, renewing it results with a certificate that has the same expiry date as the previous one, and essentially doesn't solve the expiring issue.

Environment

RHEL 8+
FreeIPA/RH IDM with CA
caSigningCert cert-pki-ca close to it's expiry date - or already expired and date reverted to the last day before expiry.

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content