Hi Flo and Andrew,
thanx for you replies, but I think you missed the point:
The new (external) root CA certificate and the new ipa
CA certificate are *in* freeipa already, but on the host
I had used for running ipa-cacert-manage to deploy this
new PKI the database in /var/lib/pki/pki-tomcat/ca/alias
appears to be in an inconsistent state. Manually fixing
this is not persistent.
If I create another CA replica, then this server looks
fine, except for the old root CA still in /etc/ipa/ca.crt .
I would like to get rid of the old PKI completely.
FreeIPA-users mailing list -- firstname.lastname@example.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org