On Thu, 2012-05-10 at 00:24 +0000, Steven Jones wrote: > Hi, > > In case everyone else is asleep now...... > > Do you have access to RH documentation? the 6.3beta admin guide > section 18.8 talks about why and how to make a replicate a master.
The problem seems to be that David had only a single server providing the dogtag CA, and that was the machine that died. > > I've a IPA master/replica setup in our development environment. > Unfortunately our IPA master crashed, the replica is working fine. Now > I have the IPA master re-imaged. > > > What are the steps I have to follow to re-create the IPA master from > running IPA replica? Before crash the IPA master ran dogtag > certificate system, while the IPA replica didn't -- created normally > without the --setup-ca option. You'll have to check with the FreeIPA/Dogtag dev team (I'm a client-side guy, so I don't have all the data here), but you're probably not going to be in good shape. If you kept a separate backup of the private root certificate for the CA, you may be able to stand up a new CA instance and then issue new signed certs from the restored private root cert. Otherwise, you're probably in trouble.
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
