(Hopefully Thunderbird will only send one copy of this. Sorry about the previous duplicate.)
I run a single FreeIPA server (on CentOS 7) in my home network, and I'm thinking of migrating it to Fedora. AFAICT, doing this as an actual upgrade will require multiple cycles of creating a newer FreeIPA server, adding it as a replica, removing the older server, lather, rinse, repeat. I'm only using FreeIPA for its DNS, certificate authority, and LDAP authentication capabilities, and my home network isn't that large, so I'm considering simply installing a new server and re-creating the various users, hosts, services, and DNS zones/entries. (I don't have any systems that are truly managed with FreeIPA.) Thus, it would be nice if the new FreeIPA server could use the same root CA certificate as the existing one. I believe that I can do this by passing the --external-cert-file option to ipa-server-install, but I need both the certificate and the private key of the root CA to do so. Thus, I'm wondering how I can extract the root CA private key from my existing CentOS 7 (FreeIPA 4.6.8) server. Thanks! -- ======================================================================== Google Where SkyNet meets Idiocracy ======================================================================== _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue