[Freeipa-users] Promoting a replica to a FreeIPA server without primary server

Прохоров Сергей sprokhorov at intech-global.com
Thu Apr 9 09:35:32 UTC 2015


Thank you, Rob, for your response.

On 08.04.2015 21:07, Rob Crittenden wrote:
> I assume you can't do this because the original host is lost, right? 
Yeah, you're right.

> Every IPA master is an equal, some are just more equal than others. The
> key bit that distinguishes them is whether there is a CA installed. The
> other bit has to do with CRL generation and renewal which in your
> version can only be done on one host (neither of which apply to
> --selfsign anyway).

I want to clarify: I didn't use the --selfsign key during the primary server
installation. I suppose it's the default key for the CA, am I wrong?
On my current IPA server (replica) I don't have a CA.

> You mention migrating. What new primary server?
I'm talking about installing a new FreeIPA server and copying all data
there.

> So I'd start digging around to see if you have the original CA private
> key somewhere. The end of the IPA server install would have recommended
> backing up cacert.p12.
>
I have a backup of the cacert.p12 key.

-- 
Best regards,
Prokhorov Sergey
Senior System Engineer of INTECH LTD
e-mail: sprokhorov at intech-global.com
