Hi All,

We are using our own (selfsigned) root CA for our installations.  We just started to use ipa and after exploring the possibilities we want to switch to the root CA we normally use.  According to [1]  it should be done using these instruction [2].  When we tray to renew the certificate we get this error:

[root@ipa ~]# ipa-cacert-manage renew --external-cert-file=/root/Certificate_Authority.pem --external-cert-file=root.cer
Importing the renewed CA certificate, please wait
CA certificate chain in /root/Certificate_Authority.pem, root.cert is incomplete: missing certificate with subject 'CN=Example SCRL'
The ipa-cacert-manage command failed.

When we check the subject of the file, it seems to be correct to me:

[root@ipa ~]# openssl x509 -noout -subject -in /root/root.cert
subject= /CN=Example SCRL

Is there anyone who can help me with this?

Kind regards,

wim vinckier.