On 13/01/2021 21.44, TC Johnson via FreeIPA-users wrote:
Back around Nov/Dec when RHEL 8.3 release, I was hit with the update
issue regarding fapolicy. Fortunatly only my IPA1 was impacted, though at the time it was
my CA and CRL master. As part of recovery I migrated CA and CRL to IPA2, which is where it
still resides. I built a new IPA1 and configured it as a replica.
This also seems to coincide with when the CRL ceases to be updated with newly revoked
certs.
So I wonder if I messed something up in that process
Did you migrate CA renewal and
CRL master services to the new server?
https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master#P...
Christian
--
Christian Heimes
Principal Software Engineer, Identity Management and Platform Security
Red Hat GmbH,
https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael
O'Neill