[Freeipa-users] freeipa master server disaster recovery

[James Roman]

> The bug outlines how to promote a replica to be the primary "master". 
> You basically just need to import the CA and setup the serial number 
> file.
>
> So lets say you had a master and 2 replicas. In reality the only thing 
> that differentiates the first master is that it was installed first so 
> has the CA. As far as data replication goes there is no distinction, 
> they are all equal.
>
Along these lines, does this mean if I have imported certificates signed 
by a third party CA on all my freeipa servers, that all I would need to 
do is update the replication agreements (in my case for freeIPA and AD)?