Rob Morin via FreeIPA-users wrote: > The master is gone, has been for a year, the server exists, but ipa was > uninstalled with ip-server-install --uninstall command... so i only have this > replica, and i assume that re-installing it on the old server would mess > stuff up?
Please don't try to re-install it. This would also fail and probably just make matters worse. Do you have /root/cacert.p12 on that original master? If so run: # pk12util -l /root/cacert.p12 |grep "Not After" If the certs aren't all expired it may be easier to get something restored (time is fungible). The first value is the most important one. We've never had to do this but the dogtag team has a documented way to install a CA using an existing key. It wasn't exactly meant for this case but it could still work. I haven't worked out in my head how things would actually work or tried this myself but you have the slightest sliver of hope with this. Even if the CA can be stood back up there could still be hurdles to overcome. But this goes nowhere if you don't have the root CA cert so see if you have that. rob _______________________________________________ FreeIPA-users mailing list -- email@example.com To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org