Can I use my own root CA?

Hello,

I already my own PKI setup; can I use my own root CA for UCS? My naive expectation is to replace CAcert.pem
and CAcert.key (under /etc/univention/ssl/) by my version, and re-generate the existing certs. Is it going to work?

thanks in advance for any hint

I answer my own question, in case someone might need it:

(1) replace these files by my own version (in my case I had already another UCS master):
/etc/univention/ssl/password
/etc/univention/ssl/ucsCA/CAcert.pem
/etc/univention/ssl/ucsCA/private/CAkey.pem

(2) re-create the certs:

eval "$(ucr shell)"
cd  /etc/univention/ssl
for i in *".$domainname"; do univention-certificate renew -name "$i" -days "$(ucr get ssl/default/days)"; done