On Mon, 2012-05-07 at 15:26 -0700, David Copperfield wrote:
> I installed a master IPA server with dogtag certificate system
> installed; then used ipa-replica-prepare and ipa-replica-install to
> install two IPA replica servers. The two replicas are installed and
> the 'ipa-replica-manage' command shows that the user/group data
> replication link is established between master and replicas. But the
> problem is, although dogtag certificate system was installed on the
> master, it (the dogtag) is not installed onto replicas by default with
> the ipa-replica commands, let alone the certificate replication.

In 2.2 we do not replicate the CA by default. Just like we do not
install the DNS server by default.
Use ipa-ca-install and ipa-csreplica-manage to manage the CA and its

> Another finding is that all the master and replica servers don't
> have host certificates created automatically. Is this normal and
> intended, or is there something wrong? I'm running ipa-server-2.1.3-9
> on Red Hat 6.2.

All replicas have certificates, but they may not be associated with the
host object. That may be considered a bug, but it is that way for
historical reasons, I think.

Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list