b. Stop the master CA server by issuing the following command in that directory:
   ./stop-cert
c. Go to the master CA's server config directory:
   cd <serverRoot>/cert-<masterID>/config
d. Edit the CS.cfg file by adding the following line:
   ca.listenToCloneModifications=true
e. Close and save the CS.cfg file.
f. Go to the master CA directory at the command line:
   cd <serverRoot>/cert-<masterID>
g. Restart the master CA server by issuing the following command in that directory:
   ./start-cert
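The CS.cfg edit in steps d and e can be scripted so that it is safe to repeat and leaves a rollback copy. This is an added example, not part of the original manual: the function name set_clone_listen is hypothetical, and it assumes CS.cfg consists of plain key=value lines like the one shown above.

```shell
#!/bin/sh
# Added example (not from the manual): set ca.listenToCloneModifications=true
# in a CS.cfg file, safely and repeatably. Assumes plain key=value lines.
# Run it between ./stop-cert and ./start-cert on the master CA.

set_clone_listen() {    # hypothetical helper name
    cfg=$1
    key='ca.listenToCloneModifications'
    [ -f "$cfg" ] || { echo "no such file: $cfg" >&2; return 2; }

    # Count lines that already define the key (literal prefix match, no regex).
    n=$(awk -v k="$key" 'index($0, k "=") == 1 { n++ } END { print n + 0 }' "$cfg")
    if [ "$n" = 1 ] && grep -qxF "${key}=true" "$cfg"; then
        return 0                          # already correct: leave the file untouched
    fi

    cp -p "$cfg" "$cfg.bak" || return 1   # rollback copy, same mode and timestamps
    # mktemp creates the scratch file readable by the owner only, so the
    # configuration is never exposed through a world-readable temporary copy.
    tmp=$(mktemp "$cfg.XXXXXX") || return 1

    # Drop every existing definition (a stale "=false", duplicates), then append
    # exactly one line. awk terminates each line, so a missing final newline in
    # the original cannot glue the new setting onto the previous one.
    {
        awk -v k="$key" 'index($0, k "=") != 1' "$cfg"
        printf '%s=true\n' "$key"
    } > "$tmp" || { rm -f "$tmp"; return 1; }

    # Overwrite in place so CS.cfg keeps its owner and permissions.
    cat "$tmp" > "$cfg" && rm -f "$tmp"
}

# Usage: sh this-script <serverRoot>/cert-<masterID>/config/CS.cfg
if [ $# -gt 0 ]; then
    set_clone_listen "$1"
fi
```

If the restart in step g fails, restore CS.cfg.bak over CS.cfg before starting the server again.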
Once the configuration for the cloned CA instance is done, the cloned CA instance will be
available. The administrator should be able to see all the requests and certificates from
either this cloned CA or the master CA. Additionally, for the purpose of high availability, it
is strongly encouraged that CRL publishing is enabled in this cloned CA, presuming that
CRL publishing has been enabled in the master CA.
Also, it should be understood that any configurations made to a master CA will also need to
be set up in each cloned CA. The only two exceptions to this rule are the Users and Groups
and the Access Control Lists, both of which are provided through the CS console.
Testing the CA Cloned-Master Connection
Follow these steps to test whether your cloned-master CA setup is complete and functional.
1. Request a certificate from the cloned CA.
2. Approve the request.
   Skip this step if you requested the certificate using any of the automated enrollment
   methods. Complete this step if you used the agent-approved enrollment form for
   requesting the certificate; the request you submitted is waiting in the agent queue for
   approval by an agent.
3. Download the certificate to the browser.
4. Revoke the certificate.
Cloning the Certificate Manager
Chapter 17
Configuring CS for High Availability