Leo O via FreeIPA-users wrote:
> I was googling too, but couldn't really find anything helpful. To
> me, it looks like a big pain in the ass, this custom certificate handling in freeipa,
> especially when using freeipa inside docker. I haven't even updated it in a while, who
> knows what other issues I will face when trying that.

It is only a pain if you don't renew them on time. It's a manual thing.
With the IPA CA it is more (or less) automatic.

> Do you know how (if even possible) to revert all that ssl cert stuff
> back to the default behaviour, I think it was with freeipa self signed certificates?

You'd need to set the system time back to when the certificates are
valid. You can do this to install the new certs as well.
If the keys didn't change you can also just replace the existing
certificates with the new ones. Also possible if the private keys
changed but it'd require conversion to PKCS#12 first.
rob
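
A way to tell which of the two cases in the reply above applies, as an added example that is not part of the original thread: it compares the public key of the old and new certificates and, when the key changed, bundles the new certificate and key into PKCS#12. File names, the CN and the password are constructed test values; importing the result into FreeIPA is not shown.

```shell
#!/bin/sh
# Added example. All keys, certificates and names are constructed test data.
set -eu

# SHA-256 of the public key (DER SubjectPublicKeyInfo) inside a certificate.
cert_key_fp() {
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# SHA-256 of the public half of a private key, for comparison with the above.
priv_key_fp() {
    openssl pkey -in "$1" -pubout -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Succeeds when both certificates carry the same public key.
same_key() { [ "$(cert_key_fp "$1")" = "$(cert_key_fp "$2")" ]; }

# Bundle cert + private key into PKCS#12; refuse if the key is not the cert's.
to_pkcs12() { # args: cert key outfile password
    [ "$(cert_key_fp "$1")" = "$(priv_key_fp "$2")" ] || return 1
    openssl pkcs12 -export -in "$1" -inkey "$2" -out "$3" -passout "pass:$4"
}

# --- constructed sample data: one old key, one replacement key -------------
work=$(mktemp -d)
subj="/CN=ipa.example.test"
newkey() { openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1" 2>/dev/null; }
newcert() { openssl req -x509 -new -key "$1" -subj "$subj" -days "$3" -out "$2" 2>/dev/null; }

newkey "$work/old.key"
newkey "$work/rekey.key"
newcert "$work/old.key"   "$work/expired.crt" 1     # stands in for the old cert
newcert "$work/old.key"   "$work/renewed.crt" 365   # renewal, same key
newcert "$work/rekey.key" "$work/rekeyed.crt" 365   # renewal, new key

for new in renewed rekeyed; do
    if same_key "$work/expired.crt" "$work/$new.crt"; then
        echo "$new.crt: same key, the certificate can be replaced directly"
    else
        echo "$new.crt: key changed, converting to PKCS#12 first"
        to_pkcs12 "$work/$new.crt" "$work/rekey.key" "$work/$new.p12" "constructed-password"
    fi
done
```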