In case everyone else is asleep now......

Do you have access to RH documentation?  the 6.3beta admin guide section 18.8 
talks about why and how to make a replicate a master.


All servers and replicas which host a CA are peers in the topology. They can 
all issue certificates
and keys to IPA clients, and they all replicate information amongst themselves.
The only reason to promote a replica or server to be a master server is if the 
master server is
being taken offline. There has to be a root CA which can issue CRLs and 
ultimately validate
certificate checks.
Aside from that, replicas, servers, and the master server are all equal peers."


Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of David Copperfield [cao2...@yahoo.com]
Sent: Thursday, 10 May 2012 11:04 a.m.
To: Rob Crittenden; Freeipa-users@redhat.com
Subject: [Freeipa-users] How to rebuild IPA master?

Hi all,

 I've a IPA master/replica setup in our development environment. Unfortunately 
our IPA master crashed, the replica is working fine. Now I have the IPA master 

 What are the steps I have to follow to re-create the IPA master from running 
IPA replica? Before crash the IPA master ran dogtag certificate system, while 
the IPA replica didn't  -- created normally without the --setup-ca option.


Freeipa-users mailing list

Reply via email to