Converting a Cloned CA into a Master CA - Red Hat Certificate System 7.2 Administration Manual

Chapter 19. Configuring the Certificate System for High Availability
• Enable CRL generation requests redirection by adding the following two lines:
master.ca.agent.host=hostname
master.ca.agent.port=port number

19.4.2. Converting a Cloned CA into a Master CA

After converting the existing offline master CA into an offline cloned CA, one of the online cloned CAs
must be converted into the new online master CA.
1. Stop the online cloned CA server.
/etc/init.d/instance_ID stop
2. Open the cloned CA's configuration directory.
cd /var/lib/clone_ID/conf
3. Edit the CS.cfg file.
a. Delete each line which begins with the ca.crl. prefix.
b. Copy each line beginning with the ca.crl. prefix from the former master CA CS.cfg file into
the cloned CA's CS.cfg file.
c. Enable control of the database maintenance thread by changing the value of the following line
to 600; 600 is the default value for the master Certificate System. This value can be changed
to any other non-zero number:
ca.certStatusUpdateInterval=600
d. Enable monitoring database replication changes by changing the value of this line to true:
ca.listenToCloneModifications=true
e. Enable maintenance of the CRL cache by changing all of the enableCRLCache lines to
true:
ca.crl.IssuingPointId.enableCRLCache=true
f. Enable CRL generation by changing all of the enableCRLUpdates lines to true:
ca.crl.IssuingPointId.enableCRLUpdates=true
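
Steps 3a to 3f can be applied and then checked from the shell. The script below is an added example, not part of the Red Hat manual; the function names are hypothetical, the sample files are constructed, and MasterCRL is an assumed issuing point ID. It writes the converted configuration to a new file so the result can be reviewed before it replaces CS.cfg.

```sh
#!/bin/sh
# Added example, not from the manual: steps 3a-3f done with sed, written to
# stdout so the live CS.cfg is never edited in place.

# convert_clone_cfg FORMER_MASTER_CS.cfg CLONE_CS.cfg  (hypothetical helper)
convert_clone_cfg() {
    master_cfg=$1 clone_cfg=$2
    # Stop if the former master has no ca.crl.* lines to copy; the new
    # master would otherwise be left with no CRL issuing point settings.
    grep -q '^ca\.crl\.' "$master_cfg" || {
        echo "no ca.crl.* lines in $master_cfg" >&2; return 1; }
    {
        sed '/^ca\.crl\./d' "$clone_cfg"        # 3a: drop the clone's ca.crl.* lines
        sed -n '/^ca\.crl\./p' "$master_cfg"    # 3b: copy the former master's
    } | sed \
        -e 's/^\(ca\.certStatusUpdateInterval\)=.*/\1=600/' \
        -e 's/^\(ca\.listenToCloneModifications\)=.*/\1=true/' \
        -e 's/^\(ca\.crl\.[^=]*\.enableCRLCache\)=.*/\1=true/' \
        -e 's/^\(ca\.crl\.[^=]*\.enableCRLUpdates\)=.*/\1=true/'
}

# verify_master_cfg CS.cfg: print every setting still in its clone state and
# return non-zero if there is one (a zero interval counts as clone state).
verify_master_cfg() {
    awk -F= '
        function bad(msg) { print "FAIL: " msg; rc = 1 }
        $1 == "ca.certStatusUpdateInterval"   { i = 1; if ($2 + 0 == 0) bad($0) }
        $1 == "ca.listenToCloneModifications" { l = 1; if ($2 != "true") bad($0) }
        $1 ~ /^ca\.crl\..*\.enableCRL(Cache|Updates)$/ && $2 != "true" { bad($0) }
        END {
            if (!i) bad("ca.certStatusUpdateInterval is missing")
            if (!l) bad("ca.listenToCloneModifications is missing")
            exit rc + 0
        }' "$1"
}

# Constructed sample files (MasterCRL is an assumed issuing point ID).
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'ca.crl.MasterCRL.enableCRLCache=true' \
        'ca.crl.MasterCRL.enableCRLUpdates=false' > "$d/master.cfg"
    printf '%s\n' 'ca.certStatusUpdateInterval=0' \
        'ca.listenToCloneModifications=false' \
        'ca.crl.MasterCRL.enableCRLCache=false' > "$d/clone.cfg"
    convert_clone_cfg "$d/master.cfg" "$d/clone.cfg" > "$d/CS.cfg.new" &&
        verify_master_cfg "$d/CS.cfg.new" && cat "$d/CS.cfg.new"
    rc=$?; rm -rf "$d"; return "$rc"
}
[ "${1:-}" != demo ] || demo
```

Run the script with the argument demo to see the converted sample; verify_master_cfg can also be pointed at a CS.cfg that was edited by hand.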