ipa-server-certinstall replaces the LDAP and Apache certs but doesn't replace the CA cert in LDAP (and probably not in the filesystem either).
While doing this ticket, we should also revisit:
http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
Moving open tickets to next month bucket.
We agreed with Rob that CA cert replacement should be done in #3737. The patches provided for this ticket make ipa-server-certinstall work with both CA and CA-less installs as well as fix some other issues, but do not allow replacing CA cert.
Moving all non-critical bugs to 3.3.x bug fixing bucket (FreeIPA 3.3 final was released).
master:
and ipa-3-3:
Metadata Update from @rcritten: - Issue assigned to jcholast - Issue set to the milestone: FreeIPA 3.3.x - 2013/08 (bug fixing)
Login to comment on this ticket.