TC Johnson via FreeIPA-users wrote:
I migrated the CA/CRL master role back to IPA1. Now certs that I revoke
are added to the CRL as expected, but the few certs I revoked while the
role was on IPA2 are still missing. This is a workable condition since
those certs were just for testing.

The fact that one CA is missing some certificates suggests that
replication between the two CA servers may be having issues.
I don't see how this would affect CRL generation though if those certs
were on the CA generating it.
rob