On 5/20/21 7:52 AM, Rob Crittenden via FreeIPA-users wrote:
Florence Renaud via FreeIPA-users wrote:
Hi Ian,
with IPA 4.6.8 you just need to follow the 389ds doc.
The procedure was more complex in version < 3.2.2 because there were two
389ds instances (one for the regular suffix and one for the Certificate
Server) and the password has to be manually synchronized between the 2,
and the replica installation was done using a different procedure (you
had to prepare a replica file containing passwords, private keys,
certificates and then transfer this file on the future replica).
The PKCS#12 file of the CA root generated by IPA during installation is
protected by the DM password.
An updated file can be generated using PKCS12Export if desired.
This is where it gets confusing.
I can see the PKCS#12 file in /root. I've changed my DM password, but I
haven't regenerated the file. Is this going to cause problems later on?
--
========================================================================
In Soviet Russia, Google searches you!
========================================================================
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure
