Hi Rob,
Thanks for the reply.
As Subject Key Identifier extension is mush in CA cert we cant go ahead with changing the
current ca certification.
Then we tried changing the cert for apache alone using the below commands with the root
and intermediate certs from a different CA, but that also fails. Please see the error
below:
--------------------------------------------------------------------------------
[root@ldmserver01 sg]# ipa-server-certinstall -w key.pem server.cert.pfx
Directory Manager password:
Enter private key unlock password:
Can't load private key from both key.pem and server.cert.pfx
The ipa-server-certinstall command failed.
[root@ldmserver01 sg]# ipa-server-certinstall -w key.pem server.cert.pfx
Directory Manager password:
Enter private key unlock password:
Failed to load server.cert.pfx
The ipa-server-certinstall command failed.
[root@ldmserver01 sg]#
--------------------------------------------------------------------------------
Could you please help us understand what might be wrong here? We also verified the
server-cert using below command:
openssl pkcs12 -info -in server.cert.pfx
Above command result confirms that the cert and ca-chian are correct.
Please advice.
Thanks,
Saurabh Garg