Does somebody have an idea how to replace our certificates when the new
root CA certificate has a different subject?
The UI is down because of this.

2016-10-19 11:42 GMT+02:00 David Dejaeghere:

> Hello,
> When installing FreeIPA we used the CA from our Windows servers.
> This one recently expired and we created a new one.  It seems that the new
> root CA has another subject name and this seems to be an issue when we want
> to install new certs on our FreeIPA hosts.
> ipa-cacert-manage install certnew.pem -n mycert -t C,,
> Installing CA certificate, please wait
> Failed to install the certificate: subject public key info mismatch
> After validating, the subjects are indeed different.
> How can we replace the required certs for dirsrv and http when the CA is
> not installable?
> Kind Regards,
> David