On Mon, 2012-05-07 at 15:26 -0700, David Copperfield wrote:
> Hi,
>
> I installed a master IPA server with dogtag certificate system
> installed; then used ipa-replica-prepare and ipa-replica-install to
> install two IPA replica servers. The two replicas are installed and
> the 'ipa-replica-manage' command shows that the user/group data
> replication link is established between master and replicas. But the
> problem is, although dogtag certificate system was installed on
> Master, it (the dogtag) is not installed onto replicas by default with
> ipa-replica commands, let alone the certificate replication.

In 2.2 we do not replicate the CA by default. Just like we do not
install the DNS server by default.
Use ipa-ca-install and ipa-csreplica-manage to manage the CA and its
replication topology.

> Another finding is that all the master and replica servers don't
> have host certificates created automatically. Is this normal and
> intended, or is there something wrong? I'm running ipa-server-2.1.3-9
> on Red Hat 6.2.

All replicas have certificates, but they may not be associated to the
host object. That may be considered a bug, but it is that way for
historical reasons, I think.

Simo.

--
Simo Sorce * Red Hat, Inc * New York