John Moyer wrote: > Hello All, > > I was going to promote one of my newer replica IPA servers to be the > master of our IPA environment and noticed when following the procedures > to do this that I'm apparently missing this file from my master IPA server: > > /var/lib/ipa/ca_serialno > > Is there a way to regenerate this file? > > I just made a replica like 3 weeks ago, so it definitely is the > master, I'm just not sure why this file doesn't exist. Looked at my > backups from the last 3 months and it hasn't existed in that time period.
That file was the source of serial numbers for what was called selfsign mode (now deprecated in 3.3+). It installed a file-based CA on the initial IPA master. You needed to pass --selfsign to the installer What docs are you working from that say you need to worry about this file? They are likely ancient. rob -- Manage your subscription for the Freeipa-users mailing list: https://www.redhat.com/mailman/listinfo/freeipa-users Go To http://freeipa.org for more info on the project
