[Pki-devel] What if I lose my IPA CA?

Andrew Wnuk awnuk at redhat.com
Wed Aug 29 15:18:50 UTC 2012


On 08/29/2012 06:04 AM, Rob Crittenden wrote:
> I can't find any documentation how we'd handle this in IPA, so before 
> a customer runs into it...
>
> What happens if someone sets up multiple IPA servers and only has a CA 
> installed on one of them, and that server goes away forever for some 
> reason (they deleted the replica, horrific failure, etc)?
>
> Let's also assume they saved the original CA PKCS#12 file.

You may need to save more than the original CA PKCS#12 file.
You should also save the CA's internal database and remember how it was 
customized.

>
> Is there some mechanism to either stand up a new dogtag instance with 
> this CA's key? Would it be better to stand up a new server as a 
> subordinate of this CA?
>
> I'm not entirely sure of the mechanics we'd use for either of these, 
> but it's a start.
>
> thanks
>
> rob



