Promote Dogtag PKI replica to be the new master
by aaron.thompson@bluvector.io
We are trying to promote our Dogtag PKI replica server to be the new master and then decommission the old master. I was able to find some documentation for the IPA process to do this (https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master), but haven't been able to find anything yet that is specific to Dogtag.
In our CS.cfg on the replica we have this:
```
master.ca.agent.host=master.server.example.com
master.ca.agent.port=8443
```
Would it be as simple as removing those two lines from the CS.cfg on the replica, maybe setting this line to true as well:
```
ca.crl.MasterCRL.enableCRLUpdates=false
```
and restart pki-tomcat and the dirsrv services?
Any insight provided or links to appropriate Dogtag docs that I seem to be unable to find would be much appreciated.