On 13/01/2021 21.44, TC Johnson via FreeIPA-users wrote: > Back around Nov/Dec when RHEL 8.3 release, I was hit with the update issue > regarding fapolicy. Fortunatly only my IPA1 was impacted, though at the time > it was my CA and CRL master. As part of recovery I migrated CA and CRL to > IPA2, which is where it still resides. I built a new IPA1 and configured it > as a replica. > > This also seems to coincide with when the CRL ceases to be updated with newly > revoked certs. > > So I wonder if I messed something up in that process Did you migrate CA renewal and CRL master services to the new server?
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#Procedure_in_FreeIPA_4.0_or_later Christian -- Christian Heimes Principal Software Engineer, Identity Management and Platform Security Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn, Commercial register: Amtsgericht Muenchen, HRB 153243, Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
