Well now that sounds a daunting endeavor. It would definitely be a last resort
type situation for sure. Thank you both for laying it out and I definitely
didn't expect it to be possible at all so at least its something.
I think the big problem we're having is the fact that we can't seem to create
new CA replicas against our old IPA 3.0 CA. I've upgraded the servers to the
latest and greatest multiple times over the last year (which caused its own set
of problems which are in a different thread) and each time it fails with a
different error. I can generally find the same problem in a bugzilla but even
after patching to the recommended version it still fails with a new error.
The latest being:
[14/Jun/2017:06:49:45][http-bio-8443-exec-3]: Unable to update security domain:
java.io.IOException: Unable to update security domain: 2
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org