Hi Flo and Andrew,

thanks for your replies, but I think you missed the point:

The new (external) root CA certificate and the new ipa
CA certificate are *in* freeipa already, but on the host
I had used for running ipa-cacert-manage to deploy this
new PKI, the database in /var/lib/pki/pki-tomcat/ca/alias
appears to be in an inconsistent state. Manually fixing
this is not persistent.

If I create another CA replica, then this server looks
fine, except for the old root CA still in /etc/ipa/ca.crt.

I would like to get rid of the old PKI completely.


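One way to tell which entries in a CA bundle such as /etc/ipa/ca.crt belong to the old PKI and which to the new one is to fingerprint every certificate in the bundle and compare it against the fingerprints of the certificates that are supposed to be there (the new external root and the new ipa CA, as printed by `openssl x509 -in <cert> -noout -fingerprint -sha256`). The script below is an added example written for this thread, not code from FreeIPA or from the original poster; the bundle and the "expected" set it uses are constructed inline and the base64 blobs are opaque placeholder bytes rather than real certificates, which is enough because the check only hashes the DER and never parses X.509.

```python
"""Audit a PEM CA bundle (e.g. /etc/ipa/ca.crt) against the set of CA
certificates that should be in it, by SHA-256 fingerprint of the DER.

Added example for the thread above, not FreeIPA code.  The sample bundle and
the expected fingerprints are constructed for illustration: the DER blobs are
placeholder bytes, not real certificates.
"""
import base64
import hashlib
import re
import sys

# Matches one PEM block and captures its label (CERTIFICATE, PRIVATE KEY, ...)
PEM_BLOCK = re.compile(
    r"-----BEGIN (?P<label>[A-Z ]+)-----\s*(?P<body>.*?)\s*-----END (?P=label)-----",
    re.DOTALL,
)


def pem_encode(der, label="CERTIFICATE"):
    """Wrap DER bytes as a PEM block (used here to build the sample bundle)."""
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "-----BEGIN %s-----\n%s\n-----END %s-----\n" % (label, "\n".join(lines), label)


def parse_pem_bundle(text):
    """Return the DER bytes of every CERTIFICATE block in a PEM bundle.

    Blocks with any other label (a stray PRIVATE KEY, for example) are skipped
    so they are never reported as a CA entry."""
    ders = []
    for m in PEM_BLOCK.finditer(text):
        if m.group("label") != "CERTIFICATE":
            continue
        body = re.sub(r"\s+", "", m.group("body"))
        ders.append(base64.b64decode(body, validate=True))
    return ders


def sha256_fingerprint(der):
    """Colon-separated uppercase SHA-256 fingerprint of the DER, the same
    format `openssl x509 -noout -fingerprint -sha256` prints."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def audit_bundle(text, expected_fps):
    """Compare the bundle with the expected fingerprints.

    Returns (stale, missing): stale are fingerprints present in the bundle but
    not expected (left-overs from the old PKI, in bundle order); missing are
    expected fingerprints the bundle does not contain (sorted)."""
    present = [sha256_fingerprint(d) for d in parse_pem_bundle(text)]
    expected = set(fp.upper() for fp in expected_fps)
    stale = [fp for fp in present if fp not in expected]
    missing = sorted(expected - set(present))
    return stale, missing


# Constructed sample: placeholder "DER" for the old external root, the new
# external root and the new ipa CA.  Not real certificates.
OLD_ROOT_DER = b"\x30\x82placeholder: old external root CA"
NEW_ROOT_DER = b"\x30\x82placeholder: new external root CA"
NEW_IPA_DER = b"\x30\x82placeholder: new ipa CA signed by new root"

# What /etc/ipa/ca.crt looks like when the old root was never removed.
SAMPLE_BUNDLE = pem_encode(OLD_ROOT_DER) + pem_encode(NEW_ROOT_DER) + pem_encode(NEW_IPA_DER)

# Reference set: only the new PKI should remain.
EXPECTED_FPS = [sha256_fingerprint(NEW_ROOT_DER), sha256_fingerprint(NEW_IPA_DER)]


def main(argv):
    # Usage: audit_bundle.py [bundle.pem fingerprint...]; with no arguments the
    # constructed sample is audited instead.
    if len(argv) >= 3:
        with open(argv[1]) as f:
            stale, missing = audit_bundle(f.read(), argv[2:])
    else:
        stale, missing = audit_bundle(SAMPLE_BUNDLE, EXPECTED_FPS)
    for fp in stale:
        print("STALE   (not in expected set): %s" % fp)
    for fp in missing:
        print("MISSING (expected, not found): %s" % fp)
    return 1 if stale or missing else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On a real host the same check can be pointed at /etc/ipa/ca.crt with the two new fingerprints as arguments; anything it reports as stale is a candidate for removal, and anything reported as missing means the bundle was not updated at all. The NSS database under /var/lib/pki/pki-tomcat/ca/alias is a different store and has to be inspected with certutil rather than this script.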