Andrey Bondarenko via FreeIPA-users wrote: > Hello, > > Do we have private key on all nodes of the FreeIPA cluster? I am > confused with comment > > create_pkcs12 tells us whether we should create a PKCS#12 file > of the CA or not. If we are running on a replica then we won't > have the private key to make a PKCS#12 file so we don't need to > do that step. > > in the certs.py. >
This is a legacy option from IPA 2.0. In that version there was a file-based self-signed CA installation option (mostly for development). This created a single CA on the initial master only. There was no way to setup a clone of it, that is what the reference is. The option can probably be dropped altogether. rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
