On Thu, 2012-05-10 at 00:24 +0000, Steven Jones wrote:
> Hi,
> 
> In case everyone else is asleep now......
> 
> Do you have access to RH documentation?  the 6.3beta admin guide
> section 18.8 talks about why and how to make a replicate a master.

The problem seems to be that David had only a single server providing
the dogtag CA, and that was the machine that died.

> 
>  I've a IPA master/replica setup in our development environment.
> Unfortunately our IPA master crashed, the replica is working fine. Now
> I have the IPA master re-imaged.
> 
> 
>  What are the steps I have to follow to re-create the IPA master from
> running IPA replica? Before crash the IPA master ran dogtag
> certificate system, while the IPA replica didn't  -- created normally
> without the --setup-ca option.

You'll have to check with the FreeIPA/Dogtag dev team (I'm a client-side
guy, so I don't have all the data here), but you're probably not going
to be in good shape. If you kept a separate backup of the private root
certificate for the CA, you may be able to stand up a new CA instance
and then issue new signed certs from the restored private root cert.
Otherwise, you're probably in trouble.

Attachment: signature.asc
Description: This is a digitally signed message part

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to