From https://lists.fedoraproject.org/archives/list/freeipa-devel@lists.fedorahosted.org/message/SYWWVULCMQZI4G6JN5LZJUQB7IYRGFRW/
If the CA chain is retrieved over HTTP (unsecure) then it fetches it from /usr/share/ipa/html/ca.crt
Apparently this file is not updated by ipa-cacert-manage.
According to the doc Renewing CA Certificates Manually, ipa-certupdate needs to be run after ipa-cacert-manage renew. Was it the case?
I look into the code and it does get updated by ipa-cacert-manage. Closing as invalid.
Metadata Update from @rcritten: - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)
Login to comment on this ticket.