On Mon, Nov 12, 2018 at 03:55:13PM -0500, Rob Foehl via FreeIPA-users wrote:
If I have a pair of IPA servers and need to reinstall the one currently holding the CA master, is it actually necessary to promote the other one, or can I just follow the procedure to rebuild the current master via replication and then verify its CA configuration[1] after the fact?
Thanks,
-Rob
Hi Rob,
Can you please clarify, what is the procedure to rebuild the master via replication?
In any case, a CA replica is recommended in strong terms, whether rebuilding a master or not! But as long as you include the CA on the rebuilt master, there is no need to promote the replica to renewal/CRL master. Just ensure the renewal/CRL master configuration is correct at the end, as you suggested.
Cheers, Fraser
[1] Specifically, everything mentioned in https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-leave@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahoste...