Andrey Bondarenko wrote:
> Thank you, that's very helpful for me. So currently all FreeIPA nodes
> are completely equal?

Only if they all have a CA installed as well.

rob

> On Fri, Oct 12, 2018 at 3:29 PM Rob Crittenden <[email protected]> wrote:
>
> Andrey Bondarenko via FreeIPA-users wrote:
> > Hello,
> >
> > Do we have private key on all nodes of the FreeIPA cluster? I am
> > confused with comment
> >
> > create_pkcs12 tells us whether we should create a PKCS#12 file
> > of the CA or not. If we are running on a replica then we won't
> > have the private key to make a PKCS#12 file so we don't need to
> > do that step.
> >
> > in the certs.py.
>
> This is a legacy option from IPA 2.0. In that version there was a
> file-based self-signed CA installation option (mostly for development).
> This created a single CA on the initial master only. There was no way to
> setup a clone of it, that is what the reference is.
>
> The option can probably be dropped altogether.
>
> rob
