Hi Flo, Rob, On 12/14/17 9:27 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
The files should contain multiple certificates (IPA CA and the external CA certificates). If it is not the case, please check first if there were AVC issues (if running in SElinux enforcing mode), and feel free to file a bug.
You are right, its a set of certificates. One last question: Is it safe to drop the old root CA from the certutil database? Its no longer in LDAP, anyway. "getcert list" doesn't mention any certificates derived from the old PKI, either. I highly appreciate your support and patience Regards Harri _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org