[Freeipa-users] Globalsign External CA Certificate Import Failure
Dmitri Pal
dpal at redhat.com
Mon Jan 6 18:39:07 UTC 2014
On 01/06/2014 12:25 PM, James Scollard wrote:
> I have it now. The --dirsrv_pkcs12 option seems to like pkcs7
> formatted certificates, but the person who issued it did not set a
> password, so FreeIPA will not let me install it to know if it works
> for sure. I am having the certificate reissued again with a password
> in pkcs12 format and all should be well with the world again.
>
> Thanks for your help and guidance on this. Your level of support is
> better than I could have expected.
This is not support ;-)
We are just a friendly community of developers taking pride in what we
do and making sure it works for people who want to use the software we
create.
Thanks
Dmitri
>
> On 1/6/14 11:01 AM, Rob Crittenden wrote:
>> James Scollard wrote:
>>> That makes absolute perfect sense. Thanks for the clarification.
>>> Unfortunately I have an new issue now. Globalsign has issued me a
>>> pkcs7
>>> certificate. FreeIPA does not recognize the format:
>>>
>>> [root at ldapm6x00 ~]# ipa-server-install
>>> --dirsrv_pkcs7=/root/ldapm6x00.sun.weather.com.pkcs7
>>> --http_pkcs7=/root/ldapm6x00.sun.weather.com.pkcs7
>>> --root-ca-file=/root/STAR_CA-2048.crt
>>> Usage: ipa-server-install [options]
>>>
>>> ipa-server-install: error: no such option: --dirsrv_pkcs7
>>>
>>> I need to convert it to pkcs12 using the converter here (awesome free
>>> tool):
>>>
>>> https://www.sslshopper.com/ssl-converter.html
>>>
>>> I need the server's private key file to convert from pkcs7 to pkcs12,
>>> but cant find it anywhere. Is there a command to export it or does it
>>> live in /var/lib or /etc somewhere?
>>
>> The private exists wherever you generated the CSR. If you used
>> openssl then it would be in a flat file somewhere. If you used NSS
>> then it would be in that database.
>>
>> rob
>
--
Thank you,
Dmitri Pal
Sr. Engineering Manager for IdM portfolio
Red Hat Inc.
-------------------------------
Looking to carve out IT costs?
www.redhat.com/carveoutcosts/
More information about the Freeipa-users
mailing list