On Wed, Jan 29, 2020 at 03:13:15PM -0400, Terry Soucy via FreeIPA-users wrote: > Hi Everyone, > > I'm in the process of testing a CentOS 6 to CentOS 7 migration of our IPA > servers (ipa-server-3.0.0 to ipa-server-4.6.5). I have successfully added a > 4.6.5 IPA server to my 3.0.0 replicas in my testing environment, and > replication is working fine. I have a few aci differences that I'm still > weeding out, but no show stoppers. > > When we initially installed freeipa, we were planning on using the CA > capabilities, but have never actually used it after the initial install. My > question is, if we have never used it, can I simply just not worry about > creating a CA replica, and then renew my certificates using an external CA > after the migration is complete? > Hi Terry,
It is not officially supported, but you can do that. After you have removed the last CA replicas from the topology, there are some clean-up tasks you should perform. My blog post[1] covers the procedure (note that some steps like removing the Dogtag instance will not apply in your sceanrio). [1] https://frasertweedale.github.io/blog-redhat/posts/2019-10-24-removing-ipa-ca.html Cheers, Fraser > Thanks in advance > > Terry > > > -- > Terry Soucy > Systems Engineering Lead | Salesforce > Mobile: +1.506.609.3247 > > > <http://smart.salesforce.com/sig/tsoucy//ca_mb/default/link.html> > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org