This is pretty much it, but there are a few other parameters to tweak, and
only the PKI service needs a restart.
for the details, see the documentation at:
https://docs.redhat.com/en/documentation/red_hat_certificate_system/10/ht...
10.7. Converting Masters and Clones
10.7.1. Converting CA Clones and Masters
Thanks,
M.
On Fri, Aug 9, 2024 at 6:56 AM aaron.thompson--- via Pki-users <
users(a)lists.dogtagpki.org> wrote:
We are trying to promote our Dogtag PKI replica server to be the new
master and then decommission the old master. I was able to find some
documentation for the IPA process:
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master
to do this but haven't been able to find anything yet that is specific to
Dogtag.
In our CS.cfg on the replica we have this:
```
master.ca.agent.host=master.server.example.com
master.ca.agent.port=8443
```
Would it be as simple as removing those two lines from the CS.cfg on the
replica, maybe set this line to true as well:
```
ca.crl.MasterCRL.enableCRLUpdates=false
```
and restart pki-tomcat and the dirsrv services?
Any insight provided or links to appropriate Dogtag docs that I seem to be
unable to find would be much appreciated.
_______________________________________________
Pki-users mailing list -- users(a)lists.dogtagpki.org
To unsubscribe send an email to users-leave(a)lists.dogtagpki.org
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s