Il 09/01/2018 14:02, Fraser Tweedale via FreeIPA-users ha scritto:
"CA replica" just means any IPA master that has the Dogtag
CA
installed.
You have a Dogtag CA. That CA uses an LDAP database, which has
basedn `o=ipaca'. That database should have the entry I indicated,
whose `userCertificate' attribute we are interested in.
Ok, sorry for my low IPA CA knowledge :-)
I've got 4 userCertificate entries in that entry, last one is the same
cert as /var/lib/ipa/ra-agent.pem