[Freeipa-users] Upgrade/Migration steps
Joshua J. Kugler
joshua at azariah.com
Sat Jun 22 19:37:03 UTC 2013
On Friday, June 21, 2013 13:25:24 Joshua J. Kugler wrote:
> [root at ipa0 slapd-PKI-IPA]# grep nsslapd-secur /etc/dirsrv/slapd-PKI-
> IPA/dse.ldif
> [root at ipa0 slapd-PKI-IPA]#
>
> So, it apparently is not in there at all. There are a couple dse.ldif
> backup configs in that dir, but nothing in them either.
>
> In the dse.ldif for slapd-LAB-WHAMCLOUD-COM I do see:
>
> nsslapd-security: on
>
> of course.
Further investigation.
In the dse.ldif for slapd-PKI-CA, there is:
nsslapd-certdir: /etc/dirsrv/slapd-PKI-IPA
There is a cert8.db and key3.db file in there.
However:
root at ipa0 slapd-PKI-IPA]# certutil -d ./ -L
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
[root at ipa0 slapd-PKI-IPA]#
Apparently no certs.
The cert for slapd-LAB-WHAMCLOUD-COM has this info:
issuer: CN=Certificate Authority,O=LAB.WHAMCLOUD.COM
subject: CN=ipa0.lab.whamcloud.com,O=LAB.WHAMCLOUD.COM
Since it's the same hostname, could I just copy the db files from there into
/etc/dirsrv/slapd-PKI-CA?
j
--
Joshua J. Kugler -- Fairbanks, AK
Blogs: http://jjncj.com/blog/ (Family) -- http://joshuakugler.com (Geek)
Every knee shall bow, and every tongue confess, in heaven, on earth, and under
the earth, that Jesus Christ is LORD
More information about the Freeipa-users
mailing list