TDH Innovation CDH Mailbox via FreeIPA-users wrote:
Dear Stephan,
thanks for your reply.
We are facing a similar issue (on cloudera CDH) and I wanted to ask you
how you
> removed the expired X3 CA and cross-signed X1 with
`ipa-cacert-manage` (using the force flag),
I do not see force flag in my v. (4.6.4) of the command...
The delete option was added in IPA 4.9.0.
You'd need to remove any certificates using an ldap editor or
ldapmodify/ldapdelete. The DN is going to look something like:
cn=SOME SUBJECT NAME,cn=certificates,cn=ipa,cn=etc,dc=example,dc=test
Just be careful, this is dealing with some IPA internals and you could
easily shoot yourself in the foot. I'd recommend saving off a copy of
the entry before trying to remove it so you can restore it if something
goes wrong.
Or snapshot your install. Or both.
rob