Andrey Bondarenko via FreeIPA-users wrote:
Hello,
Do we have private key on all nodes of the FreeIPA cluster? I am
confused with comment
create_pkcs12 tells us whether we should create a PKCS#12 file
of the CA or not. If we are running on a replica then we won't
have the private key to make a PKCS#12 file so we don't need to
do that step.
in the certs.py.
This is a legacy option from IPA 2.0. In that version there was a
file-based self-signed CA installation option (mostly for development).
This created a single CA on the initial master only. There was no way to
setup a clone of it, that is what the reference is.
The option can probably be dropped altogether.
rob