FreeIPA - I have a working replica, but without a working CA

Post by useratlocalhost » 2017/08/19 20:05:52

Hi, I've got a client whose IPA system took a nose dive recently. Their CA master server had certs expire on them and is no longer functioning.

The master was brought down and LDAP started working again, but now they're left with one replica, which is not a master CA. I still have full access to all the files on the original master, but it is no longer in a replication agreement and IPA will not restart.

Is there any way to set up a new CA on the replica using the key from the original, so that I can then follow the steps to promote the replica to the master CA that handles renewals/CRL?

The versions are FreeIPA 4.4 on CentOS 7.3.1611
