[Freeipa-users] I think I trashed my FreeIPA CA - how to recover?
Brian Topping
brian.topping at gmail.com
Wed Jan 14 13:54:48 UTC 2015
Hi Martin, thanks for your response!
>> What I realize now is the certificate CRL points to the server that no longer exists and I'd like to get that cleaned up. I found http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master <http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>, is that relevant for my situation?
>
> Yes, this is the procedure to follow for servers older than FreeIPA 4.1. Jan is
> that correct? If yes, the page deserves a warning/update.
>
Ooof! I forgot that vendor repos were so far behind. I'm still at 3.3.3-28.
Is it reasonable and desirable to run one of my two servers with the image documented at http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos <http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos>? I'm interested in integrating Shiro or some other RBAC against IPA at some point in the next few months, but I'd wait if the Docker image is a prelude to 4.x hitting vendor repos soon.
Cheers, Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150114/0bcd948a/attachment.htm>
More information about the Freeipa-users
mailing list