This is pretty much it, but there are a few other parameters to tweak, and only the PKI service needs a restart.
for the details, see the documentation at:

https://docs.redhat.com/en/documentation/red_hat_certificate_system/10/html/planning_installation_and_deployment_guide/converting-masters-and-clones
10.7. Converting Masters and Clones
10.7.1. Converting CA Clones and Masters

Thanks,
M.



On Fri, Aug 9, 2024 at 6:56 AM aaron.thompson--- via Pki-users <users@lists.dogtagpki.org> wrote:
We are trying to promote our Dogtag PKI replica server to be the new master and then decommission the old master. I was able to find some documentation for the IPA process: https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master to do this but haven't been able to find anything yet that is specific to Dogtag.



In our CS.cfg on the replica we have this:

```
master.ca.agent.host=master.server.example.com
master.ca.agent.port=8443
```

Would it be as simple as removing those two lines from the CS.cfg on the replica, maybe set this line to true as well:

```
ca.crl.MasterCRL.enableCRLUpdates=false
```

and restart pki-tomcat and the dirsrv services?


Any insight provided or links to appropriate Dogtag docs that I seem to be unable to find would be much appreciated.
_______________________________________________
Pki-users mailing list -- users@lists.dogtagpki.org
To unsubscribe send an email to users-leave@lists.dogtagpki.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s