[Freeipa-users] Missing /var/lib/ipa/ca_serialno
Martin Kosek
mkosek at redhat.com
Wed Jul 23 16:07:05 UTC 2014
Ah, so this is all a matter of old docs. --selfsign installations are
deprecated, we now use "CA-less" instead.
I updated http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
and added a warning with links to appropriate resources.
HTH,
Martin
On 07/23/2014 05:54 PM, John Moyer wrote:
>
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
> http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
>
>
> On 7/23/14, 11:21 AM, Rob Crittenden wrote:
>> John Moyer wrote:
>>> Hello All,
>>>
>>> I was going to promote one of my newer replica IPA servers to be the
>>> master of our IPA environment and noticed when following the procedures
>>> to do this that I'm apparently missing this file from my master IPA server:
>>>
>>> /var/lib/ipa/ca_serialno
>>>
>>> Is there a way to regenerate this file?
>>>
>>> I just made a replica like 3 weeks ago, so it definitely is the
>>> master, I'm just not sure why this file doesn't exist. Looked at my
>>> backups from the last 3 months and it hasn't existed in that time period.
>> That file was the source of serial numbers for what was called selfsign
>> mode (now deprecated in 3.3+). It installed a file-based CA on the
>> initial IPA master. You needed to pass --selfsign to the installer.
>>
>> What docs are you working from that say you need to worry about this
>> file? They are likely ancient.
>>
>> rob
>>
>
> Thanks,
> ------------------------------------------------------------------------
> John Moyer
> Director, IT Operations
> 901 N. Stuart St. STE 904A
> Arlington,VA 22203
> 703.678.2311 Office
> 240.460.0023 Cell
> 703.678.2312 Fax
>