Re: [Freeipa-users] How to restore IPA Master/Replicas

Tue, 22 May 2012 14:46:21 -0700 

Steven Jones wrote:

From the 18.8.2 section point 2,


"[root@ipaserver ~]# pk12util -o /path/to/cacert.p12 -n "EXAMPLE.COM IPA CA" -d 
/etc/
dirsrv/slapd-EXAMPLE-COM"

the -o option is the one below?

[root@vuwunicoipam001 ~]# find /etc/ -name cacert*
/etc/httpd/alias/cacert.p12

?

I think an explanation of what Im meant to be looking for might help...


You're using a self-signed CA?


The -o is what you defined as /path/to/cacert.p12. It is wherever you 
want to store the file.



This documentation is incorrect though, I thought I had filed a bug on 
this already. In a self-signed CA the root certificate is in 
/etc/httpd/alias and not in a 389-ds instance at all. So for step 2 
you'd replace /etc/dirsrv/slapd-EXAMPLE-COM with /etc/httpd/alias.



What this is doing is creating a file to transport the self-signed CA 
private keys and certificate securely from one location to another.



This is assuming the original master is around. If it is then you can do 
this. If not then you saved /root/cacert.p12 from the initial install, 
right?


rob



regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

________________________________________
From: freeipa-users-boun...@redhat.com [freeipa-users-boun...@redhat.com] on 
behalf of Steven Jones [steven.jo...@vuw.ac.nz]
Sent: Wednesday, 23 May 2012 8:11 a.m.
Cc:<freeipa-users@redhat.com>
Subject: [Freeipa-users] How to restore IPA Master/Replicas

Hi,

My master is it seems dead and has been for a week, RH supprt cannot recover 
it.....so I need to move on and rebuild it.....first it looks like I need to 
promote my replica to be the master.

Do we have any good docs/procedures for the above?

regards

Steven Jones

Technical Specialist - Linux RHCE

Victoria University, Wellington, NZ

0064 4 463 6272

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users


_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users






















					Reply via email to