[Freeipa-users] I think I trashed my FreeIPA CA - how to recover?
Jan Cholasta
jcholast at redhat.com
Thu Jan 15 08:26:07 UTC 2015
Hi,
On 14.1.2015 at 14:54, Brian Topping wrote:
> Hi Martin, thanks for your response!
>
>>> What I realize now is the certificate CRL points to the server that
>>> no longer exists and I'd like to get that cleaned up. I found
>>> http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master,
>>> is that relevant for my situation?
>>
>> Yes, this is the procedure to follow for servers older than FreeIPA
>> 4.1. Jan, is that correct? If yes, the page deserves a warning/update.
This is the procedure to follow on IPA < 4.0. On IPA >= 4.0, the
information about the renewal master is stored in LDAP, but you still have
to handle the CRL master manually.
>>
>
> Ooof! I forgot that vendor repos were so far behind. I'm still at 3.3.3-28.
>
> Is it reasonable and desirable to run one of my two servers with the
> image documented at
> http://seven.centos.org/2014/12/freeipa-4-1-2-and-centos? I'm
> interested in integrating Shiro or some other RBAC against IPA at some
> point in the next few months, but I'd wait if the Docker image is a
> prelude to 4.x hitting vendor repos soon.
>
> Cheers, Brian
Honza
--
Jan Cholasta