Hi Flo and Andrew,

thanx for you replies, but I think you missed the point:

The new (external) root CA certificate and the new ipa
CA certificate are *in* freeipa already, but on the host
I had used for running ipa-cacert-manage to deploy this
new PKI the database in /var/lib/pki/pki-tomcat/ca/alias
appears to be in an inconsistent state. Manually fixing
this is not persistent.

If I create another CA replica, then this server looks
fine, except for the old root CA still in /etc/ipa/ca.crt .

I would like to get rid of the old PKI completely.

FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to