On Tue, 2015-12-29 at 14:30 +0100, Günther J. Niederwimmer wrote:
> Is it possible to install a DSNSEC Master with my before created KSK ZSK?
> I have installed a IPA Master on my System now I have change the Hardware and
> make a new installation with new Hardware?
Unless you want to trash your current install for some reason, it would
be easier to simply create an ipa replica on the new hardware so that
all keys get transferred too.
When you retire your old master you will have to reconfigure the
remaining replica to become the server that rotate the DNS keys.
> I have only a backup from the Files in
> When I now enable a new DNSSEC Master create freeIPA new KSK ZSK for the
> Domain ?
If you have already destroyed your original master it is probably easier
to just regenerate all keys and upload the new public keys on the glue
record of the delegating provider.
> Then I have to wait after the holidays to UPDATE the DS Record on my ISP :-(.
> Thanks for a answer,
> mit freundlichen Grüßen / best regards,
> Günther J. Niederwimmer
Simo Sorce * Red Hat, Inc * New York
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project