freeipa

FreeIPA - Replacing expired 3rd party domain certificate


I'm using FreeIPA version 4.5

My 3rd party domain certificate expired. Can I just copy the new crt & key files over the old ones (they have the same file names) and restart ipa?

Or do I need to use the ipa-server-certinstall command to install the new certificate?


Solution

  • The problem I ran into was that I could not start the ipa service because of an expired certificate. To get around this issue I completed the following steps:

    After completing those steps I was then able to execute:
    ipa-server-certinstall -p DMPassword -w -d /etc/pki/private/mycert.pem /etc/pki/public/mycert.crt
    where the mycert.pem & mycert.crt files are the new key and cert.

    Finally I restarted the ipa service by executing: systemctl restart ipa

    IPA is now running as expected with the new certificates.
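
A pre-install check that fits before the ipa-server-certinstall step in the answer above, as an added example that is not part of the original answer: it uses openssl to confirm that the replacement certificate is not about to expire and that it matches the private key. The function name check_cert_pair, its exit codes and the 30-day default are assumptions of this example, and it expects PEM files with an unencrypted private key.

```sh
#!/bin/sh
# Added example: sanity-check a replacement key/cert pair before installing it.
# check_cert_pair, its exit codes and the 30-day default are this example's own
# (hypothetical) choices. Assumes PEM files and an unencrypted private key.

# check_cert_pair KEY CERT [MIN_DAYS]
#   0 = OK, 2 = unreadable file, 3 = expiry problem, 4 = key/cert mismatch
check_cert_pair() {
    ccp_key=$1
    ccp_cert=$2
    ccp_days=${3:-30}

    if [ ! -r "$ccp_key" ] || [ ! -r "$ccp_cert" ]; then
        echo "cannot read key or certificate file" >&2
        return 2
    fi

    # -checkend N exits non-zero when the certificate expires within N seconds
    # (which includes a certificate that has already expired).
    if ! openssl x509 -in "$ccp_cert" -noout -checkend $((ccp_days * 86400)) >/dev/null 2>&1; then
        echo "certificate is unparseable, expired, or expires within $ccp_days days" >&2
        return 3
    fi

    # The public key embedded in the certificate must equal the public key
    # derived from the private key. "-passin pass:" supplies an empty password
    # so an encrypted key fails here instead of prompting.
    ccp_cert_pub=$(openssl x509 -in "$ccp_cert" -noout -pubkey 2>/dev/null)
    ccp_key_pub=$(openssl pkey -in "$ccp_key" -passin pass: -pubout 2>/dev/null)
    if [ -z "$ccp_cert_pub" ] || [ "$ccp_cert_pub" != "$ccp_key_pub" ]; then
        echo "private key does not match certificate" >&2
        return 4
    fi

    # Print subject and expiry date so the operator can confirm the right file.
    openssl x509 -in "$ccp_cert" -noout -subject -enddate
}

# Usage with the paths from the answer above:
#   check_cert_pair /etc/pki/private/mycert.pem /etc/pki/public/mycert.crt
if [ "$#" -ge 2 ]; then
    check_cert_pair "$@"
fi
```

A non-zero exit status means the pair should be fixed before it is handed to ipa-server-certinstall; the check itself does not modify any IPA configuration.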