[Freeipa-users] Cert Renewal
Rob Crittenden
rcritten at redhat.com
Mon Aug 25 22:36:36 UTC 2014
Ott, Dennis wrote:
> I have an IPA setup, one master, one replica; originally installed as v
> 2.x and later updated to v 3.0. For whatever reasons, the certs did not
> automatically renew and the services would no longer start. I updated
> the certs manually on the master using the procedure shown at:
>
> http://www.freeipa.org/page/IPA_2x_Certificate_Renewal
>
> The master is now functioning properly.
>
> At this point, the IPA service is still stopped on the replica. I
> hesitate to start it for concern it could interfere with the now-working
> master.
>
> What would be the recommended method for returning the replica to service?
It depends on whether the replica. Does it also run a CA? If not then
you can try restarting the certmonger service. This should cause it to
fetch new certificates for the other IPA servers. ipa-getcert list will
show you the status; wait until they are all MONITORING.
Once that works then you can safely restart the world. Any changes on
the master will be replicated out, and vice versa.
rob
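
The check described in the reply above, as an added example that is not part of the original message: it parses `ipa-getcert list` output and waits until every tracked request reports MONITORING. The function names and the sample output (request IDs, dates) are constructed for illustration.

```shell
#!/bin/sh
# Added example: wait for certmonger to finish renewing on a replica.

# Constructed sample of `ipa-getcert list` output (IDs and dates are made up).
sample_list() {
cat <<'EOF'
Number of certificates and requests being tracked: 3.
Request ID '20140101000001':
    status: MONITORING
    stuck: no
    expires: 2016-08-25 22:36:36 UTC
Request ID '20140101000002':
    status: CA_UNREACHABLE
    stuck: no
    expires: 2014-08-20 10:00:00 UTC
Request ID '20140101000003':
    status: NEED_GUIDANCE
    stuck: yes
    expires: 2014-08-20 10:00:00 UTC
EOF
}

# Read `ipa-getcert list` output on stdin and print "<request id> <status>"
# for every tracked request whose status is not MONITORING.
not_monitoring() {
    awk -F"'" '
        /^Request ID/ { id = $2 }
        /^[[:space:]]*status:/ {
            sub(/^[[:space:]]*status:[[:space:]]*/, "")
            if ($0 != "MONITORING") print id, $0
        }'
}

# Poll until all requests are MONITORING or the attempts run out.
# $1 = command that prints the list, $2 = attempts, $3 = seconds between polls.
# On failure the requests still pending are written to stderr.
wait_for_monitoring() {
    cmd=${1:-"ipa-getcert list"}; tries=${2:-30}; delay=${3:-10}
    while [ "$tries" -gt 0 ]; do
        pending=$($cmd | not_monitoring)
        [ -z "$pending" ] && return 0
        tries=$((tries - 1))
        [ "$tries" -gt 0 ] && sleep "$delay"
    done
    printf '%s\n' "$pending" >&2
    return 1
}
# After restarting certmonger on the replica: wait_for_monitoring "ipa-getcert list" 30 10
```

A non-zero return leaves the list of request IDs and their states on stderr, which is the point at which to stop and investigate before starting the IPA services.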