My home network lab has two IdM servers that run as replicas. In a perfect world, I’d have at least three so they could vote to overrule an errant replica, but this isn’t practical for me at this time. One of these IdM servers is physical, and the other virtual, so, having upgraded the virtual host to CentOS 8 and experiencing some minor issues, the virtual IdM server ended up offline quite a bit.

Today I upgraded one of my older servers (from before my decision to switch all new production servers to CentOS) to Fedora 30. After the upgrade, I found that the system would not accept 2048-bit SSL keys. In fact, DNF would even refuse to download the packagelists because of this. Taking the URL from DNF and attempting to fetch the page manually through curl got me "curl: (60) SSL certificate problem: CA certificate key too weak".

The backbone of my network is a Xeon E3-based “server” I built a few years ago for hosting virtual machines. The server runs six virtual machines, providing services like DHCP, PXE, authentication, DNS, update caching, and a VPN for me to connect to and manage the network from school. While I did have the server running in RAID1, for a long time none of these VMs got properly backed up.