roy liang via FreeIPA-users wrote:
>> roy liang via FreeIPA-users wrote:
>>
>> Maybe. You're way out in uncharted territory but I don't believe it will
>> hurt anything.
> In my current state, I cannot copy the new copy of FREEIPA. If I cannot copy
> the new copy, there will be a big problem one day.
> Or is there some other way, that does not require PKI-Tomcat related
> services, to finish copying a new copy out?
>
>>
>> You already tried this right?
> Yes, I tried, but my version and circumstances failed, if there is no better
> way, I will try again, but it will take a lot of time to verify. It would be
> nice to have documentation on this.

Like I've said, there is no documentation for this, a system that is unrenewable because of a missing library.

I do have another suggestion on something to try. It's a bit half-baked and who knows, you may have already tried it.

I'd strongly urge trying this on a clone of your production CA.

IIRC you can go back in time where all the certs are valid and the CA is operational, right? If so, do that. If not you're still going to be stuck and you can stop reading.

Bring up a new server, one running CentOS or RHEL, and set time back on it as well. Preferably running 4.6.8 (RHEL 7). This is the closest to your current version.

Install it as a client with -N to skip syncing time, then run ipa-replica-install -N for the same reason.

If you get that far, try running ipa-ca-install. This may well give you a working CA. At that point you'd set it as the CA renewal master, etc (see the RHEL docs) and you'd be back in business.

There would be more to do afterward but let's not get ahead of ourselves.

rob
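
Added example, not part of the original message or of FreeIPA: one way to find a clock setting at which every certificate is valid, as the "go back in time" step above requires. It assumes you have collected `openssl x509 -noout -dates` output for each certificate; the labels and dates in SAMPLE are constructed.

```python
from datetime import datetime

# Date layout printed by `openssl x509 -noout -dates` (values are always GMT).
OPENSSL_FMT = "%b %d %H:%M:%S %Y"


def parse_dates(text):
    """Return (not_before, not_after) from `openssl x509 -noout -dates` output."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.strip().partition("=")
        fields[key] = datetime.strptime(value.replace(" GMT", ""), OPENSSL_FMT)
    return fields["notBefore"], fields["notAfter"]


def common_window(certs):
    """Return (start, end) during which every certificate is valid, else None."""
    windows = [parse_dates(text) for text in certs.values()]
    start = max(nb for nb, _ in windows)  # latest notBefore bounds the start
    end = min(na for _, na in windows)    # earliest notAfter bounds the end
    return (start, end) if start < end else None


# Constructed sample input: hypothetical labels mapped to -dates output.
SAMPLE = {
    "ca-signing": "notBefore=Jan 10 08:00:00 2016 GMT\n"
                  "notAfter=Jan 10 08:00:00 2036 GMT",
    "ocsp-signing": "notBefore=Mar  2 09:30:00 2018 GMT\n"
                    "notAfter=Feb 20 09:30:00 2020 GMT",
    "httpd": "notBefore=Jun 15 10:00:00 2018 GMT\n"
             "notAfter=Jun 15 10:00:00 2020 GMT",
}

if __name__ == "__main__":
    window = common_window(SAMPLE)
    if window is None:
        print("No single point in time at which all certificates are valid")
    else:
        print("All certificates valid from %s to %s (GMT)" % window)
```

If the function returns None, no clock setting makes every certificate valid at once.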
