[Freeipa-users] Promoting CA replica to master

Hi, We've created a new replica from our FreeIPA infrastructure, with CA capabilities. Now we want it to be the CA renewal master, as it's written here: https://www.freeipa.org/page/Howto/Promote_CA_to_Renewal_and_CRL_Master However, the first step, knowing which is the present master, is blocking us. ldapsearch does not return the info we need: ldapsearch -D 'cn=Directory Manager' -W -b 'cn=masters,cn=ipa,cn=etc,dc=bitban,dc=int' '(ipaConfigString=caRenewalMaster)' dn Enter LDAP Password: # extended LDIF # # LDAPv3 # base <cn=masters,cn=ipa,cn=etc,dc=bitban,dc=int> with scope subtree # filter: (ipaConfigString=caRenewalMaster) # requesting: dn # # search result search: 2 result: 0 Success # numResponses: 1 Neither one of the servers have "ca.crl.MasterCRL.enableCRLUpdates=true" on /etc/pki/pki-tomcat/ca/CS.cfg Is there any more updated doc about this? All FreeIPA servers are: CentOS Linux release 7.5.1804 (Core) VERSION: 4.5.4, API_VERSION: 2.228 Thank you