26.3. Installing a CA Certificate Manually

To install a new certificate to IdM, use the ipa-cacert-manage install command. For example, the command allows you to change the current certificate when it is nearing its expiration date.
  1. Run the ipa-cacert-manage install command, and specify the path to the file containing the certificate. The command accepts PEM-formatted certificate files:
    [root@server ~]# ipa-cacert-manage install /etc/group/cert.pem
    The certificate is now present in the LDAP certificate store.
  2. Run the ipa-certupdate utility on all servers and clients to update them with the information about the new certificate from LDAP. You must run ipa-certupdate on every server and client separately.
    Important
    Always run ipa-certupdate after manually installing a certificate. If you do not, the certificate will not be distributed to the other machines.
The ipa-cacert-manage install command can take the following options:
  -n
    gives the nickname of the certificate; the default value is the subject name of the certificate
  -t
    specifies the trust flags for the certificate in the certutil format; the default value is C,,. For information about the format in which to specify the trust flags, see the ipa-cacert-manage(1) man page.
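
A pre-install check for the file passed in step 1, as an added example that is not part of the Red Hat documentation: it confirms the file is a PEM CA certificate that is not about to expire, then prints the SHA-256 fingerprint to compare with the value obtained from the CA's owner. The function name `check_ca_pem`, its return codes and the 30-day threshold are assumptions, and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the IdM documentation): vet a PEM file before
# passing it to `ipa-cacert-manage install`. check_ca_pem and its return
# codes are hypothetical; requires the openssl CLI.
#   0 = looks like a usable CA certificate
#   1 = not a parseable PEM certificate
#   2 = basicConstraints does not say CA:TRUE
#   3 = expires within the requested number of days
check_ca_pem() {
    pem=$1
    min_days=${2:-30}   # assumed threshold; match it to your renewal policy

    # The install command accepts PEM, so require the PEM armor and a clean parse.
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$pem" 2>/dev/null ||
       ! openssl x509 -in "$pem" -noout 2>/dev/null; then
        echo "error: $pem is not a PEM-encoded X.509 certificate" >&2
        return 1
    fi

    # The default trust flags (C,,) mark the certificate as a trusted CA,
    # so refuse anything that is not a CA certificate.
    if ! openssl x509 -in "$pem" -noout -text | grep -q 'CA:TRUE'; then
        echo "error: $pem is not a CA certificate (no CA:TRUE)" >&2
        return 2
    fi

    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$pem" -noout \
            -checkend $((min_days * 86400)) >/dev/null; then
        echo "error: $pem expires within $min_days days" >&2
        return 3
    fi

    # Print the identity to compare with the fingerprint received out of band.
    openssl x509 -in "$pem" -noout -subject -enddate -fingerprint -sha256
}

# Run directly: sh check_ca_pem.sh /path/to/cert.pem [min_days]
[ "$#" -eq 0 ] || check_ca_pem "$@"
```

If the function returns 0 and the fingerprint matches, continue with `ipa-cacert-manage install` and then `ipa-certupdate` on every server and client.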