26.3. Installing a CA Certificate Manually
To install a new certificate to IdM, use the ipa-cacert-manage install command. For example, the command allows you to change the current certificate when it is nearing its expiration date.
- Run the ipa-cacert-manage install command, and specify the path to the file containing the certificate. The command accepts PEM-formatted certificate files:
[root@server ~]# ipa-cacert-manage install /etc/group/cert.pem
  The certificate is now present in the LDAP certificate store.
- Run the ipa-certupdate utility on all servers and clients to update them with the information about the new certificate from LDAP. You must run ipa-certupdate on every server and client separately.
  Important: Always run ipa-certupdate after manually installing a certificate. If you do not, the certificate will not be distributed to the other machines.
The ipa-cacert-manage install command can take the following options:
- -n: gives the nickname of the certificate; the default value is the subject name of the certificate
- -t: specifies the trust flags for the certificate in the certutil format; the default value is C,,. For information about the format in which to specify the trust flags, see the ipa-cacert-manage(1) man page.
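
Because the installed file becomes a trust anchor for every server and client after ipa-certupdate, it is worth checking the file before running ipa-cacert-manage install. The script below is an added example, not part of the original documentation; the function name check_ca_pem, its exit codes, the 30-day default and the one-certificate-per-file assumption are this example's own.

```sh
#!/bin/sh
# Added example: pre-flight checks before `ipa-cacert-manage install FILE`.
# Exit codes (this script's own convention): 0 ok, 2 unreadable, 3 not a single
# PEM certificate, 4 unparseable, 5 not a CA certificate, 6 expires too soon.
check_ca_pem() (
    file=$1
    min_days=${2:-30}   # assumed threshold; choose one that fits your rotation policy

    [ -f "$file" ] && [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }

    # The command accepts PEM files; this check additionally assumes
    # one certificate per file.
    count=$(grep -c -- '-----BEGIN CERTIFICATE-----' "$file" || true)
    [ "$count" -eq 1 ] || { echo "expected 1 PEM certificate, found $count" >&2; exit 3; }

    text=$(openssl x509 -in "$file" -noout -text 2>/dev/null) \
        || { echo "openssl cannot parse $file" >&2; exit 4; }

    # A certificate without basicConstraints CA:TRUE should not be installed as a CA.
    printf '%s\n' "$text" | grep -q 'CA:TRUE' \
        || { echo "basicConstraints is not CA:TRUE" >&2; exit 5; }

    # -checkend N exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$file" -noout -checkend $((min_days * 86400)) >/dev/null \
        || { echo "expires within $min_days days" >&2; exit 6; }

    # Print the values to compare against what the issuing CA published.
    openssl x509 -in "$file" -noout -subject -enddate -fingerprint -sha256
)

# Usage: sh check_ca_pem.sh /path/to/cert.pem [min_days]
if [ "$#" -gt 0 ]; then
    check_ca_pem "$@" && echo "OK: run ipa-cacert-manage install $1, then ipa-certupdate on every server and client"
fi
```

Compare the printed SHA-256 fingerprint with the value obtained from the CA through a separate channel before installing the file.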