Ah, so this is all a matter of old docs. --selfsign installations are deprecated, we now use "CA-less" instead.
I updated http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA and added a warning with links to appropriate resources.

HTH,
Martin

On 07/23/2014 05:54 PM, John Moyer wrote:
>
> http://docs.fedoraproject.org/en-US/Fedora/15/html/FreeIPA_Guide/promoting-replica.html
> http://www.freeipa.org/page/Howto/Promoting_a_self-signed_FreeIPA_CA
>
>
> On 7/23/14, 11:21 AM, Rob Crittenden wrote:
>> John Moyer wrote:
>>> Hello All,
>>>
>>> I was going to promote one of my newer replica IPA servers to be the
>>> master of our IPA environment and noticed when following the procedures
>>> to do this that I'm apparently missing this file from my master IPA server:
>>>
>>> /var/lib/ipa/ca_serialno
>>>
>>> Is there a way to regenerate this file?
>>>
>>> I just made a replica like 3 weeks ago, so it definitely is the
>>> master, I'm just not sure why this file doesn't exist. Looked at my
>>> backups from the last 3 months and it hasn't existed in that time period.
>> That file was the source of serial numbers for what was called selfsign
>> mode (now deprecated in 3.3+). It installed a file-based CA on the
>> initial IPA master. You needed to pass --selfsign to the installer.
>>
>> What docs are you working from that say you need to worry about this
>> file? They are likely ancient.
>>
>> rob
>>
>
> Thanks,
> ------------------------------------------------------------------------
> John Moyer
> Director, IT Operations
> 901 N. Stuart St. STE 904A
> Arlington, VA 22203
> 703.678.2311 Office
> 240.460.0023 Cell
> 703.678.2312 Fax