I think you should read this carefully, but it should work:
https://access.redhat.com/documentation/en-us/red_hat_ enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_ guide/server-roles#server-roles-promote-to-ca
The whole CA data is replicated among all ldap servers, so it should be fixable.
This is true obviously only if you installed the replicas with the CA services, of course.