Hi Flo, Rob,

On 12/14/17 9:27 AM, Florence Blanc-Renaud via FreeIPA-users wrote:

The files should contain multiple certificates (IPA CA and the external CA 
certificates). If it is not the case, please check first if there were AVC 
issues (if running in SElinux enforcing mode), and feel free to file a bug.


You are right, its a set of certificates.

One last question: Is it safe to drop the old root CA from the
certutil database? Its no longer in LDAP, anyway. "getcert list"
doesn't mention any certificates derived from the old PKI, either.


I highly appreciate your support and patience

Regards
Harri
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to