I was unable to install an update for CentOS 7.

I had done a default install, and then moved to commercial certs for LDAP and 
HTTP, using 
https://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP. We 
don’t use the CA.

We have a replica. It upgraded fine, but then it’s CA-less.

The upgrade for the primary failed, because the upgrade of the CA failed. It 
tried to update Server-Cert for LDAP, but the actual cert has an alias based on 
the DN.

I assume there’s a different naming convention when a 3rd party CA is in use 
than when the cert is issued by Dogtag.

Any ideas how to recover? I’d be happy just to disable the CA component if 
that’s possible.

Can I rerun the upgrade?

At the moment I’m running in production with a half-upgraded system. It appears 
that the only thing that failed was the upgrade of the CA, which I don’t use. 
But this doesn’t seem to be a good idea in the long run. I’ve considered 
producing another CA-less replica, which presumably would upgrade fine, and 
decommissioning the original.

