Thank you, that's very helpful for me. So currently all FreeIPA
nodes
are completely equal?
On Fri, Oct 12, 2018 at 3:29 PM Rob Crittenden <rcritten(a)redhat.com
<mailto:rcritten@redhat.com>> wrote:
Andrey Bondarenko via FreeIPA-users wrote:
> Hello,
>
> Do we have private key on all nodes of the FreeIPA cluster? I am
> confused with comment
>
> create_pkcs12 tells us whether we should create a PKCS#12 file
> of the CA or not. If we are running on a replica then we won't
> have the private key to make a PKCS#12 file so we don't need to
> do that step.
>
> in the certs.py.
>
This is a legacy option from IPA 2.0. In that version there was a
file-based self-signed CA installation option (mostly for development).
This created a single CA on the initial master only. There was no way to
setup a clone of it, that is what the reference is.
The option can probably be dropped altogether.
rob
--
With best regards, Andrey Bondarenko mail:me@andreybondarenko.com
<mailto:mail%3Ame@andreybondarenko.com>
https://andreybondarenko.com
<
https://andreybondarenko.com/> skype:andrey.bondarenko phone, Telegram,
WhatsApp, etc:+420-773-591-443
7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B