Bret Wortman via FreeIPA-users freeipa-users@lists.fedorahosted.org writes:
If this is the correct search, then no. It's gone.
Now, if you don't have the private keys any longer (see Rob's mail), we should consider your CA really gone. I'd look at ipa-ca-install and something like https://www.freeipa.org/page/V4/CA-less_to_CA-full_conversion. You'll need to refresh the CA certs and certificates on all clients after recreating a new CA. Use a new CA subject with --subject...
Getting dogtag going probably won't be easy, but we'll see. I had problems after cert renewal, but got dogtag up with password authentication temporarily and could fix certs/ldap.
Jochen