I read the backup procedure on http://www.freeipa.org/page/Backup_and_Restore. 
If I lose my first master, it is stated than:
- Clean deployment from the lost server by removing all replication agreements 
with it.
- Choose another FreeIPA Server with CA installed to become the first master
- Nominate this master to be the one in charge or renewing certs and publishing 
CRLS. This is a manual procedure at the moment.
- Follow standard installation procedure to deploy a new master on a 
hardware/VM of your choice

How do I nominate this master to be the one in charge of renews certs and 
publishing CRLS? I didn't found the procedure.

Also do I care to differentiate between the first master and other replica, if 
my IPA installation use an external root CA certificate (Windows AD in that 


Nicolas Zin

Manage your subscription for the Freeipa-users mailing list:
Go To http://freeipa.org for more info on the project

Reply via email to