On Wed, Jan 29, 2020 at 03:13:15PM -0400, Terry Soucy via FreeIPA-users wrote:
> Hi Everyone,
> 
> I'm in the process of testing a CentOS 6 to CentOS 7 migration of our IPA
> servers (ipa-server-3.0.0 to ipa-server-4.6.5). I have successfully added a
> 4.6.5 IPA server to my 3.0.0 replicas in my testing environment, and
> replication is working fine. I have a few aci differences that I'm still
> weeding out, but no show stoppers.
> 
> When we initially installed freeipa, we were planning on using the CA
> capabilities, but have never actually used it after the initial install. My
> question is, if we have never used it, can I simply just not worry about
> creating a CA replica, and then renew my certificates using an external CA
> after the migration is complete?
> 
Hi Terry,

It is not officially supported, but you can do that.  After you have
removed the last CA replicas from the topology, there are some
clean-up tasks you should perform.  My blog post[1] covers the
procedure (note that some steps like removing the Dogtag instance
will not apply in your scenario).

[1] https://frasertweedale.github.io/blog-redhat/posts/2019-10-24-removing-ipa-ca.html

Cheers,
Fraser

> Thanks in advance
> 
> Terry
> 
> 
> -- 
> Terry Soucy
> Systems Engineering Lead | Salesforce
> Mobile: +1.506.609.3247
> 
> 
> <http://smart.salesforce.com/sig/tsoucy//ca_mb/default/link.html>

> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: 
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: 
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org