I am looking for some advice on how to make my existing clients join a new
ipa cluster. We have an existing cluster (3.0) and after several attempts
at upgrading we decided to just build fresh cluster (4.2) We now want the
clients join the new cluster. It seems there are few things that tie the

- /var/lib/ipa-client/sysrestore
- /etc/ipa/ca.crt
- certutil -L -d /etc/pki/nssdb/
- certutil delete the IPA CA cert (which is fully trusted CT, C, C)
- certutil delete the machine specific certificate

Even with all of this its not clean and i am running into other issues. I
am hoping there is a better way.

Thank You
Manage your subscription for the Freeipa-users mailing list:
Go to http://freeipa.org for more info on the project

Reply via email to