Thanks Rob for your reply.
In our situations, we have only left with data-only backup of our IPA server. (For some
reason, both our IPA Master and Replica server got corrupted and are not in recoverable
state.)
So we attempted, data-only restore on Fresh Install of IPA server. We faced issue with
Kerberos and RA key miss match which we fixed. Now we stuck with CA miss match issue.
We suspect CA cert in local files likes NSS db, SLAPd & HTTP alias folder are NOT
matching with CA keys in LDAP, as this KEY came from data-only restore.
So, can we remove entire exiting CA and re-create it again?
Regards,
Anand