I've got ipa-server 4.5.0. This is topology with 2 servers and and lost my
primary. I found this guide "Promote CA to Renewal and CRL Master Procedure
in FreeIPA 4.0 or later
Server 1 failed in my case.
On server 2, I set enableCRLCache, enableCRLUpdates to false in
I restarted pki-tomcatd@pki-tomcat
I fixed the revokation rule in apache (enabled the rule)
I restarted httpd
Now the FreeIPA website says "Internal Server Error" and running kinit
admin "kinit: Client's credentials have been revoked while getting initial
Before CA promotion the website and kinit seemed to be working fine on
server 2. Is kerberos or LDAP or Kerberos broken now? What steps were
missed to failover?
This email and any files transmitted with it are confidential and intended
solely for the use of the individual or entity to whom they are addressed.
If you have received this email in error, please notify the system manager.
Please note that any views or opinions presented in this email are solely
those of the author and do not necessarily represent those of the company.
Finally, the recipient should check this email and any attachments for the
presence of viruses. The company accepts no liability for any damage caused
by any virus transmitted by this email.
FreeIPA-users mailing list -- email@example.com
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org