[Freeipa-users] migration 3.3->4.1 & CA change
Jan Cholasta
jcholast at redhat.com
Thu Oct 23 07:00:22 UTC 2014
Hi,
Dne 23.10.2014 v 08:47 Petr Spacek napsal(a):
> On 22.10.2014 22:06, William Graboyes wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA512
>>
>> Hello List,
>>
>> So the whole not being able to change the CA easily is becoming a
>> regular point of contention in meetings. If I have read the e-mails
>> on this list correctly this issue is fixed in 4.1. After spending a
>> large amount of time thinking about this, I believe I have come to a
>> solution that will appease management, my coworkers, and myself.
>>
>> Here is what I am thinking of doing. I am thinking I will install
>> FC21 VM with free-IPA (which should be 4.1) then migrating my current
>> install over there, followed by changing the CA to that of my
>> contracted CA and third party issuer.
>>
>> The questions that come to mind are:
>>
>> 1) how does one migrate the information over to a new install, in this
>> case 3.3 to 4.1 on separate servers?
> You should be able to simply add FreeIPA 4.1 replica to existing 3.3
> deployment. Please make sure that your 3.3 it updated with latest
> packages, older versions of DS had some problems with replication to
> newest version AFAIK.
>
>> 2) is there any documentation on the process of changing the CA in 4.1?
> Honza, can you add some details?
You can fid more info at
<http://www.freeipa.org/page/V4/CA_certificate_renewal>
>
>> 3) am I insane for wanting to introduce FC21 into my environment?
>> 4) has anyone done this, and what was your experience with doing so?
>
Honza
--
Jan Cholasta
More information about the Freeipa-users
mailing list