[Freeipa-users] Multiple CA certificates

Martin Kosek mkosek at redhat.com
Fri Jul 10 06:47:28 UTC 2015


On 07/09/2015 01:25 PM, Joseph, Matthew (EXP) wrote:
> Hello,
>
> We are currently in the process of replacing our IdM 3.x server with 4.x.
>
> There are going to be some major directory changes during the upgrade so I need
> to keep both the old and new IdM servers up and running separately.

This is dangerous. I am not sure what platform you use, but if you are using
RHEL or CentOS, the general migration procedure to IdM 4.x (i.e. RHEL-7.0+) is 
to simply create RHEL-7 replicas for your RHEL-6 servers and deprecate the old 
ones.

In case you do some split brain migration, where old and new IdM live 
separately, you may hit problems.

More info here:
https://www.freeipa.org/page/Howto/Migration

>
> Part of our configuration is using the password sync between IdM and Active
> Directory.
>
> I can’t find any information on this so I figured I’d ask you guys to see if
> anyone has done this before.
>
> Can I have two CA certificates from 2 IdM servers installed on the Active
> Directory server? And will this cause any issues with our password sync?
>
> Thanks,
>
> Matt
>
>
>



