Hi Flo, Rob,
On 12/14/17 9:27 AM, Florence Blanc-Renaud via FreeIPA-users wrote:
The files should contain multiple certificates (IPA CA and the
external CA certificates). If it is not the case, please check first if there were AVC
issues (if running in SElinux enforcing mode), and feel free to file a bug.
You are right, its a set of certificates.
One last question: Is it safe to drop the old root CA from the
certutil database? Its no longer in LDAP, anyway. "getcert list"
doesn't mention any certificates derived from the old PKI, either.
I highly appreciate your support and patience
Regards
Harri