Does anybody have a clue on how to continue with this? Kind Regards,
David 2016-10-24 10:10 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com>: > These are both the subjects for the old and new root ca cert. > > Subject: "CN=tokio-PAPRIKA-CA,DC=tokio,DC=local" > Subject Public Key Info: > Public Key Algorithm: PKCS #1 RSA Encryption > RSA Public Key: > Modulus: > d5:51:19:a0:7e:2f:b6:4b:cb:71:42:cb:38:bc:50:0a: > 18:16:58:07:11:c6:d3:ea:66:91:a8:52:02:54:93:28: > 78:a1:89:36:7a:0f:1e:2a:35:8a:da:85:05:c4:fe:de: > e8:6a:e8:fd:1b:89:44:8f:8c:62:d6:56:f7:9e:16:d5: > fd:b4:44:65:71:4f:1a:7d:d6:28:2d:5e:ad:c9:da:60: > 54:98:02:87:d9:43:62:ab:1b:93:c1:af:0b:b9:80:2e: > 08:f0:65:46:bf:de:78:c5:d2:19:b8:07:52:d6:01:ab: > d0:b2:7d:0a:7f:9f:fa:e8:8c:55:86:e0:d3:d5:ef:e7: > ad:6a:12:a2:b8:75:be:93:c2:05:df:99:a9:d8:a2:cc: > 7c:2b:49:d6:a3:65:0c:c8:ef:c3:a4:b6:f6:86:1d:c2: > 56:56:1b:0d:70:7a:67:15:49:2f:b7:92:8e:2a:94:57: > 53:26:ef:9a:af:89:fe:cb:1e:e7:ac:72:9a:cd:b4:22: > b1:22:02:fd:95:23:e0:65:d0:36:e8:e1:88:2b:35:02: > 99:1c:ee:84:10:80:84:a8:e5:61:04:6b:a3:6b:da:c5: > 49:36:ef:f6:48:09:2c:0d:7c:b2:52:4f:a6:72:cc:e6: > 30:b5:dd:a0:5b:0e:96:49:78:9d:1e:27:4e:02:40:a1 > Exponent: 65537 (0x10001) > > Subject: DC=local, DC=tokio, CN=tokio-PAPRIKA-CA > Subject Public Key Info: > Public Key Algorithm: rsaEncryption > Public-Key: (2048 bit) > Modulus: > 00:ae:32:35:fa:b5:f4:2d:b8:0c:c3:d9:b0:9f:a8: > 5d:21:90:58:a9:79:79:7d:85:7e:f1:f2:36:9d:ef: > 9f:8c:a8:3a:bf:57:5c:2e:6b:5d:2e:91:ba:c6:b7: > b2:b1:dd:45:de:e6:d4:fe:01:f4:d2:bd:99:9f:9a: > 71:1d:d4:e4:a7:cd:9e:f3:36:a7:a0:73:55:6b:04: > 66:ab:c3:63:b3:41:06:ac:c8:c8:3a:4c:eb:83:78: > 6e:e8:b6:0f:94:fa:a8:7e:7d:89:44:d1:bd:be:14: > df:0c:ce:4d:b4:e6:0a:e2:d7:84:95:4b:a1:3e:53: > c9:04:3f:7b:de:1b:fd:7b:b5:b0:69:3b:f9:f2:b5: > a7:fe:6d:9d:62:6e:9a:fc:1e:32:69:ad:4c:ae:e3: > 61:dd:92:99:34:4b:bf:6b:02:88:18:88:a2:0f:ca: > e8:6e:91:f0:e6:2e:4d:83:f6:05:7e:ed:f2:f1:3e: > b2:36:3f:de:3f:db:93:73:5b:60:ee:8c:48:e0:c0: > 4c:0e:6a:63:1a:16:af:9e:28:93:40:39:23:bf:d0: > 77:9c:b7:80:d3:c3:42:d8:27:db:d7:4b:e5:3f:b4: > d2:ad:57:c2:01:73:c8:45:26:f1:00:93:50:3e:cf: > 7a:2d:25:d5:43:b6:a7:75:a1:ef:58:f9:c9:11:e8: > 09:1d > Exponent: 65537 (0x10001) > > 2016-10-24 5:49 GMT+02:00 Fil Di Noto <fdin...@gmail.com>: > >> Hi, >> >> Can you give an example of what's different between the two subjects? >> >> On Sun, Oct 23, 2016 at 9:03 AM, David Dejaeghere < >> david.dejaegh...@gmail.com> wrote: >> >>> Does somebody have an idea how to replace our certificates when the new >>> ROOT ca certificate has a different subject? >>> The UI is down because of this. >>> >>> 2016-10-19 11:42 GMT+02:00 David Dejaeghere <david.dejaegh...@gmail.com> >>> : >>> >>>> Hello, >>>> >>>> When installing FreeIPA we used the CA from our Windows servers. >>>> This one recently expired and we created a new one. It seems that the >>>> new root CA has another subject name and this seems to be an issue when we >>>> want to install new certs on our FreeIPA hosts. >>>> >>>> ipa-cacert-manage install certnew.pem -n mycert -t C,, >>>> >>>> Installing CA certificate, please wait >>>> Failed to install the certificate: subject public key info mismatch >>>> >>>> After validating the subjects are indeed different. >>>> >>>> How can we replace the required certs for dirsrv and http when the ca >>>> is not installable? >>>> >>>> Kind Regards, >>>> >>>> David >>>> >>>> >>>> >>> >>> -- >>> Manage your subscription for the Freeipa-users mailing list: >>> https://www.redhat.com/mailman/listinfo/freeipa-users >>> Go to http://freeipa.org for more info on the project >>> >> >> >
-- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go to http://freeipa.org for more info on the project