[Freeipa-users] I think I trashed my FreeIPA CA - how to recover?
Brian Topping
brian.topping at gmail.com
Tue Jan 13 09:38:25 UTC 2015
On Jan 13, 2015, at 1:56 PM, Brian Topping <brian.topping at gmail.com> wrote:
>
> Hi folks, really pleased with the latest versions of FreeIPA. Very robust, quite impressive!
>
> In the process of setting it up, I ended up having to move servers a couple of times. The original server is gone, just replicas that installed cleanly with each other.
Ok, I think I have this sorted -- somewhat.
After pawing through the Tomcat configuration for Dogtag, I traced back to the pki-tomcatd at pki-tomcat.service <mailto:pki-tomcatd at pki-tomcat.service> not running. Once that started, the relevant information was available to the UI. There are a sufficient number of certificates that I think everything is in order. Whew.
What I realize now is the certificate CRL points to the server that no longer exists and I'd like to get that cleaned up. I found http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master <http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>, is that relevant for my situation?
Thanks, Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150113/6c5ce895/attachment.htm>
More information about the Freeipa-users
mailing list