Converting A Cloned Ca Into A Master Ca - Red Hat CERTIFICATE SYSTEM 7.1 - ADMINISTRATOR Administrator's Manual

Converting a Cloned CA into a Master CA

b.
c.
d.
e.
Close and save the CS.cfg file.
3.
Converting a Cloned CA into a Master CA
Having already converted the existing offline master CA into an offline cloned CA (see
Converting a Master CA into a Cloned CA), and since only one master CA can (and should)
exist for a CS installation, one of the online cloned CAs must now be converted into the
new online master CA.
First, ensure that the existing master CA is no longer running and has already been
converted into an offline cloned CA:
Go to one of the cloned CA's directories at the command line:
1.
cd <serverRoot>/cert-<cloneID>
Stop this online cloned CA server by issuing the following command in that directory:
2.
./stop-cert
Go to this cloned CA's configuration directory at the command line:
3.
cd <serverRoot>/cert-<cloneID>/config
Open the CS.cfg file for editing, and make the following changes:
4.
660 Red Hat Certificate System Administrator's Guide • September 2005
To disable monitoring database replication changes, modify the following line if it
exists by changing "true" to "false" (adding the line in if it does not already exist):
ca.listenToCloneModifications=false
To disable maintenance of the CRL cache, modify all of the "enableCRLCache"
lines if they exist by changing "true" to "false" (adding each line in if it does not
already exist):
ca.crl.<IssuingPointId>.enableCRLCache=false
To disable CRL generation, modify all of the "enableCRLUpdates" lines if they
exist by changing "true" to "false" (adding each line in if it does not already exist):
ca.crl.<IssuingPointId>.enableCRLUpdates=false
To enable CRL generation requests redirection, add the following two lines:
master.ca.agent.host=<hostname>
master.ca.agent.port=<port number>