I was unable to install an update for CentOS 7. I had done a default install, and then moved to commercial certs for LDAP and HTTP, using https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP. We don’t use the CA.
We have a replica. It upgraded fine, but then it’s CA-less. The upgrade for the primary failed, because the upgrade of the CA failed. It tried to update Server-Cert for LDAP, but the actual cert has an alias based on the DN. I assume there’s a different naming convention when a 3rd party CA is in use than when the cert is issued by Dogtag.
Any ideas how to recover? I’d be happy just to disable the CA component if that’s possible. Can I rerun the upgrade? At the moment I’m running in production with a half-upgraded system. It appears that the only thing that failed was the upgrade of the CA, which I don’t use. But this doesn’t seem to be a good idea in the long run. I’ve considered producing another CA-less replica, which presumably would upgrade fine, and decommissioning the original.
FreeIPA-users mailing list