Hi all,
I managed to work around the issue by:
1. Setting up the replica without the CA (i.e., `ipa-replica-install` without
`--setup-ca`)
2. Set up the CA with `ipa-ca-install`. This also failed at some point (because it could
not contact the old master on port 8443), but it seemed to do "enough" so I
could actually ignore the missing steps.
I turned off the original master, verified that I could still log in on the clients and
also tested certificate renewal with `ipa-cacert-manage renew`, which was successful.
I don't know what the missing steps were, I hope this won't bite me in the long
run. Do you have any suggestions what else I could test to verify that the CA is also
working properly?
Thanks for all the help!
Kind regards,
Till