[Pki-devel] What if I lose my IPA CA?

Rob Crittenden rcritten at redhat.com
Wed Aug 29 13:04:14 UTC 2012


I can't find any documentation on how we'd handle this in IPA, so before a 
customer runs into it...

What happens if someone sets up multiple IPA servers and only has a CA 
installed on one of them, and that server goes away forever for some 
reason (they deleted the replica, horrific failure, etc)?

Let's also assume they saved the original CA PKCS#12 file.

Is there some mechanism to either stand up a new dogtag instance with 
this CA's key? Would it be better to stand up a new server as a 
subordinate of this CA?

I'm not entirely sure of the mechanics we'd use for either of these, but 
it's a start.

thanks

rob



