I was unable to install an update for Centos 7.
I had done a default install, and then moved to commercial certs for LDAP and
don’t use the CA.
We have a replica. It upgraded fine, but then it’s CA-less.
The upgrade for the primary failed, because the upgrade of the CA failed. It
tried to update Server-Cert for LDAP, but the actual cert has an alias based on
I assume there’s a different naming convention when a 3rd party CA is in use
than when the cert is issued by Dogtag.
Any ideas how to recover? I’d be happy just to disable the CA component if
Can I rerun the upgrade?
At the moment I’m running in production with a half-upgraded system. It appears
that the only thing that failed was the upgrade of the CA, which I don’t use.
But this doesn’t seem to be a good idea in the long run. I’ve considered
producing another CA-less replica, which presumably would upgrade fine, and
decommissioning the original.
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org