[Freeipa-users] How to restore IPA Master/Replicas

Rob Crittenden rcritten at redhat.com
Tue May 22 21:43:58 UTC 2012


Steven Jones wrote:
>> From the 18.8.2 section point 2,
>
> "[root at ipaserver ~]# pk12util -o /path/to/cacert.p12 -n "EXAMPLE.COM IPA CA" -d /etc/dirsrv/slapd-EXAMPLE-COM"
>
> the -o option is the one below?
>
> [root at vuwunicoipam001 ~]# find /etc/ -name cacert*
> /etc/httpd/alias/cacert.p12
>
> ?
>
> I think an explanation of what I'm meant to be looking for might help...

You're using a self-signed CA?

The -o is what you defined as /path/to/cacert.p12. It is wherever you 
want to store the file.

This documentation is incorrect though, I thought I had filed a bug on 
this already. In a self-signed CA the root certificate is in 
/etc/httpd/alias and not in a 389-ds instance at all. So for step 2 
you'd replace /etc/dirsrv/slapd-EXAMPLE-COM with /etc/httpd/alias.

What this is doing is creating a file to transport the self-signed CA 
private keys and certificate securely from one location to another.

This is assuming the original master is around. If it is then you can do 
this. If not then you saved /root/cacert.p12 from the initial install, 
right?

rob

>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> ________________________________________
> From: freeipa-users-bounces at redhat.com [freeipa-users-bounces at redhat.com] on behalf of Steven Jones [Steven.Jones at vuw.ac.nz]
> Sent: Wednesday, 23 May 2012 8:11 a.m.
> Cc:<freeipa-users at redhat.com>
> Subject: [Freeipa-users] How to restore IPA Master/Replicas
>
> Hi,
>
> My master is it seems dead and has been for a week, RH support cannot recover it.....so I need to move on and rebuild it.....first it looks like I need to promote my replica to be the master.
>
> Do we have any good docs/procedures for the above?
>
> regards
>
> Steven Jones
>
> Technical Specialist - Linux RHCE
>
> Victoria University, Wellington, NZ
>
> 0064 4 463 6272
>
> _______________________________________________
> Freeipa-users mailing list
> Freeipa-users at redhat.com
> https://www.redhat.com/mailman/listinfo/freeipa-users

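Added example, not from the thread or the FreeIPA documentation: the export described in the reply above, with a check that the CA nickname is actually present in the NSS database before `pk12util` runs, and with the output file created owner-only because it carries the CA private key. The function names and the `--export` argument are assumptions; the nickname and database paths are the ones quoted in the thread.

```shell
#!/bin/bash
# Added example. Assumes the NSS tools certutil and pk12util are installed.

# Succeeds if the NSS database in $1 holds a certificate nicknamed $2.
nssdb_has_nickname() {
    certutil -L -d "$1" -n "$2" >/dev/null 2>&1
}

# Print the first candidate database ($2...) that holds nickname $1.
find_ca_db() {
    local nick="$1" db
    shift
    for db in "$@"; do
        if nssdb_has_nickname "$db" "$nick"; then
            printf '%s\n' "$db"
            return 0
        fi
    done
    return 1
}

# Export certificate and private key from database $1, nickname $2, to file $3.
export_ca() {
    local db="$1" nick="$2" out="$3"
    if [ -e "$out" ]; then
        echo "refusing to overwrite $out" >&2
        return 2
    fi
    (
        umask 077   # the file holds the CA private key: create it 0600
        pk12util -o "$out" -n "$nick" -d "$db"   # prompts for passwords
    ) || { rm -f "$out"; return 1; }
    [ -s "$out" ]   # fail if nothing was written
}

# Usage (hypothetical argument): script --export /path/to/cacert.p12
if [ "${1:-}" = "--export" ]; then
    nick="EXAMPLE.COM IPA CA"
    db=$(find_ca_db "$nick" /etc/httpd/alias /etc/dirsrv/slapd-EXAMPLE-COM) || {
        echo "no database holds '$nick'" >&2
        exit 1
    }
    export_ca "$db" "$nick" "${2:?output path required}"
fi
```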