URL: https://github.com/freeipa/freeipa/pull/355
Title: #355: Set up DS TLS on replica in CA-less topology

jcholast commented:
@mbasti-rh, `ipa-certupdate` has to be run on *all* systems in the domain after 
installing a CA. How do you propose we do that from `ipa-ca-install`? Anyway, 
the behavior @tomaskrizek is observing happens if you don't run 
`ipa-certupdate` *before* `ipa-ca-install` *on replica* and is caused by 
`ipa-ca-install` using local files rather than LDAP when looking for CA 

See the full comment at 
Manage your subscription for the Freeipa-devel mailing list:
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to