Leo O via FreeIPA-users wrote: > I was googling too, but couldn't really find anything helpful. To me, it > looks like a big pain in the ass, this custom certificate handling in > freeipa, especially when using freeipa inside docker. I haven't even updated > it in a while, who knows what other issues I will face when trying that.
It is only a pain if you don't renew them on time. It's a manual thing. With the IPA CA it is more (or less) automatic. > Do you know, how (if even possible) to revert all that ssl cert stuff back to > the default behaviour, I think it was with freeipa self signed certificates? You'd need to set the system time back to when the certificates are valid. You can do this to install the new certs as well. If the keys didn't change you can also just replace the existing certificates with the new ones. Also possible if the private keys changed but it'd require conversion to PKCS#12 first. rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
