[Freeipa-users] Identifying current CA master
Martin Kosek
mkosek at redhat.com
Mon Feb 23 08:29:33 UTC 2015
On 02/21/2015 02:05 PM, Thomas Raehalme wrote:
> Hi!
>
> I am in the process of migrating FreeIPA master to another server following
> the instructions on page
> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master.
>
> In the instructions 'post-save command' should have one of two given
> values, but when I execute the script on the current IPA master there is no
> value at all:
>
> # getcert list -d /var/lib/pki-ca/alias -n "subsystemCert cert-pki-ca" |
> grep post-save
> post-save command:
>
> Is this a problem?
Good question. You are most likely hitting bug
https://bugzilla.redhat.com/show_bug.cgi?id=1178190
that is planned to be fixed in RHEL-6.7.
It should only affect the display of the values, the actual storage and
execution should be OK. As indicated in the bug, you can verify the values are
set up correctly in /var/lib/certmonger/requests.
Does that help?
> We are using ipa-server-3.0.0-42 on CentOS 6.6. According to yum the
> original version which we installed is ipa-server-3.0.0-26.
>
> Best regards,
> Thomas
More information about the Freeipa-users
mailing list