On Mon, 2012-05-07 at 15:26 -0700, David Copperfield wrote:
> Hi,
>  I installed a master IPA server with dogtag certificate system
> installed; then use ipa-replica-prepare and ipa-replica-install to
> install two IPA replica servers. The two replicas are installed and
> 'ipa-replica-manage' commands shows that user/group data replication
> link is established between master and replicas. But the problem is,
> although dogtag certificate system was installed on Master, it (the
> dogtag) is not installed onto replicas by default with ipa-replica
> commands, let alone the certificate replication.

In 2.2 we do not replicate the CA by default. Just like we do not
install the DNS server by default.
Use ipa-ca-install and ipa-csreplica-manage to manage the CA and it's
replication topology.
> Another finding is that, all the masters and replicas servers doesn't
> have host certificates created automatically. Is this normal and
> intended, or there is something wrong? I'am running ipa-server-2.1.3-9
> on red hat 6.2.

All replica have certificates, but they may not be associated to the
host object, that may be considered a bug, but it is that way for
historical reasons I think.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to