Hi,

We've created a new replica from our FreeIPA infrastructure, with CA capabilities. Now we want it to be the CA renewal master, as it's written here:
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master

However, the first step, knowing which is the present master, is blocking us. ldapsearch does not return the info we need:

    ldapsearch -D 'cn=Directory Manager' -W -b 'cn=masters,cn=ipa,cn=etc,dc=bitban,dc=int' '(ipaConfigString=caRenewalMaster)' dn
    Enter LDAP Password:
    # extended LDIF
    #
    # LDAPv3
    # base <cn=masters,cn=ipa,cn=etc,dc=bitban,dc=int> with scope subtree
    # filter: (ipaConfigString=caRenewalMaster)
    # requesting: dn
    #

    # search result
    search: 2
    result: 0 Success

    # numResponses: 1

Neither one of the servers has "ca.crl.MasterCRL.enableCRLUpdates=true" in /etc/pki/pki-tomcat/ca/CS.cfg

Is there any more updated doc about this?

All FreeIPA servers are:

    CentOS Linux release 7.5.1804 (Core)
    VERSION: 4.5.4, API_VERSION: 2.228

Thank you

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/5BWQC2VTIXEMWARWPJA5QSKRKIVRGKXL/