Hi,
On Wed, Feb 21, 2018 at 4:48 PM, Bret Wortman via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:
I may be going about this in the hardest way possible, so let me stop and roll everything back to my root need:
I have two IPA servers which manage our infrastructure. We used to have three, but a catastrophic failure on one led to its total loss. And it was our CA.
So now we have no CA -- is there a way to promote an existing system to take over? I realize it may well mean distributing a new root CA cert to everyone, but that seems less painful now than trying to set up a brand new cluster of servers and try to port our data over to them...
I think you should read this carefully, but it should work:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/htm...
The whole CA data is replicated among all LDAP servers, so it should be fixable.
Good luck!