On Jan 13, 2015, at 1:56 PM, Brian Topping <brian.topp...@gmail.com> wrote:
>
> Hi folks, really pleased with the latest versions of FreeIPA. Very robust,
> quite impressive!
>
> In the process of setting it up, I ended up having to move servers a couple
> of times. The original server is gone, just replicas that installed cleanly
> with each other.
Ok, I think I have this sorted -- somewhat.
After pawing through the Tomcat configuration for Dogtag, I traced back to the
pki-tomcatd@pki-tomcat.service <mailto:pki-tomcatd@pki-tomcat.service> not
running. Once that started, the relevant information was available to the UI.
There are a sufficient number of certificates that I think everything is in
order. Whew.
What I realize now is the certificate CRL points to the server that no longer
exists and I'd like to get that cleaned up. I found
http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
<http://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master>, is
that relevant for my situation?
Thanks, Brian
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project