Is there an online guide to turning on a CA?

We had one, which signed all our SSL Certs and such. It worked quite nicely. Then we rolled an upgrade around our IPA servers to get them from Fedora to Centos, and in the process, we failed to migrate the CA, so we ended up with 3 servers without a CA.

Fast-forward to today, and we lost one, which was our intended CA. So now I have two servers (a and z) which are working just fine but we can't create new SSL certs signed by our IPA CA.

How can I go about promoting one of these to CA? I know I followed online directions the last time, but that was years ago and I've lost the link. Thanks!

It's a private development network, so relying on external CAs isn't an option.

*Bret Wortman*
President, Damascus Products LLC
855-644-2783 <tel:855-644-2783> | 303-523-8037 <tel:303-523-8037> | <> | | 10332 Main St Suite 319 Fairfax, VA 22030 <> <> <>

FreeIPA-users mailing list --
To unsubscribe send an email to

Reply via email to