Thank you, Rob for your response
On 08.04.2015 21:07, Rob Crittenden wrote:
I assume you can't do this because the original host is lost, right?
Year, you right.
Every IPA master is a equal, some are just more equal than others. The
key bit that distinguishes them is whether there is a CA installed. The
other bit has to do with CRL generation and renewal which in your
version can only be done on one host (neither of which apply to
I want to clarify, I didn't use --selfsign key during primery server
installation. I suppose it's default key for CA, am I wrong?
On mycurrent ipa server (replica) I haven't CA.
You mention migrating. What new primary server?
I'm telling about installation of new freeipa server and copy all data
So I'd start digging around to see if you have the original CA private
key somewhere. The end of the IPA server install would have recommending
backing up cacert.p12.
I have backup of cacert.p12 key.
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project