Hi, I've got a client whose IPA system took a nose dive recently. Their CA master server had certs expire on them and is no longer functioning.
The master was brought down and LDAP started working again, but now they're left with one replica, which is not a master CA. I still have full access to all the files on the original master, but it is no longer in a replication agreement and IPA will not restart.
Is there any way to set up a new CA on the replica using the key from the original, so that I can then follow the steps to promote the replica to the master CA that handles renewals/CRL?
The versions are FreeIPA 4.4 on CentOS 7.3.1611
FreeIPA - I have a working replica, but without a working CA
-
- Posts: 1
- Joined: 2017/08/19 20:00:59