The bug outlines how to promote a replica to be the primary "master".
You basically just need to import the CA and setup the serial number
file.
So lets say you had a master and 2 replicas. In reality the only thing
that differentiates the first master is that it was installed first so
has the CA. As far as data replication goes there is no distinction,
they are all equal.
Along these lines, does this mean if I have imported certificates signed
by a third party CA on all my freeipa servers, that all I would need to
do is update the replication agreements (in my case for freeIPA and AD)?
_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users
