[Freeipa-users] ipa-replica-prepare error
Orion Poplawski
orion at cora.nwra.com
Thu May 28 22:24:17 UTC 2015
On 05/28/2015 03:09 PM, Rob Crittenden wrote:
> Orion Poplawski wrote:
>> We did a CAless install:
>>
>> ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat
>> /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt
>> --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXXX --http_pkcs12=nwra.com.p12
>> --http_pin=XXXX --idstart=8000
>>
>> But now when we try to setup a replica:
>>
>> # ipa-replica-prepare ipa1.nwra.com --dirsrv_pkcs12=nwra.com.p12
>> --dirsrv_pin=XXXX --http_pkcs12=nwra.com.p12 --http_pin=XXXX
>> Directory Manager (existing master) password:
>>
>> The full certificate chain is not present in nwra.com.p12
>>
>>
>> p12 file was created with:
>>
>> openssl pkcs12 -export -in /etc/pki/tls/certs/nwra.com.crt -inkey
>> /etc/pki/tls/private/nwra.com.key -certfile
>> /etc/pki/tls/certs/PositiveSSLCA2.crt -out nwra.com.p12
>>
>> ipa-server-4.1.0-18.sl7_1.3.x86_64
>>
>> Any thoughts?
>>
>
> At a glance your creation steps look ok. Strangely, the same code that loads
> the PKCS#12 files are used both in the server install and replica prepare, the
> only difference it seems is that with the server install we get a copy of the
> CA separately too.
>
> Can you provide the output of: pk12util -l nwra.com.p12
>
> Maybe we can work out what it thinks is missing.
>
> rob
I think I need to redo our install with an updated (SHA-2?) certificate, but I
wouldn't think that would affect this issue either.
# pk12util -l nwra.com.p12
Enter password for PKCS12 file:
Certificate(has private key):
Data:
Version: 3 (0x2)
Serial Number:
45:22:20:8d:d6:04:19:2a:b1:e7:e5:4f:5e:e0:30:0e
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB"
Validity:
Not Before: Thu Oct 11 00:00:00 2012
Not After : Tue Oct 10 23:59:59 2017
Subject: "CN=*.nwra.com,OU=PositiveSSL Wildcard,OU=Domain Control Val
idated"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d8:08:80:96:8f:f0:80:86:cd:f0:e7:6a:11:7f:8e:fb:
4b:95:6a:42:93:c7:cf:c3:76:80:bd:a6:cc:6c:fd:e2:
89:1a:3f:97:c1:3d:2d:fe:e4:4a:90:c5:aa:33:97:b3:
54:cc:67:73:57:2d:cb:9f:d0:27:ea:f0:d8:9b:5d:24:
94:2f:f5:84:06:d4:04:e8:83:c5:b2:40:b1:59:2c:f8:
4f:73:9c:41:fc:8d:46:3d:be:46:e7:9f:15:5d:8c:a5:
47:23:de:e2:cf:b3:be:97:ed:0c:82:3e:00:29:b7:8b:
a0:86:92:ec:07:00:8b:35:77:1c:27:ba:c8:a0:80:dc:
9a:69:dd:99:89:df:b4:70:f6:f6:8c:23:8b:f9:1d:bf:
ba:07:32:36:17:bc:25:e7:fb:7a:b0:11:86:de:88:59:
51:ed:e5:de:5e:14:e5:c0:28:ce:d3:5b:92:38:de:fa:
4b:15:9d:62:13:69:31:5a:0d:21:6e:2e:a6:c6:ae:30:
94:95:ce:e6:6c:dc:22:71:b4:1a:3a:f9:ec:4b:72:e4:
9d:82:ba:6b:a5:46:b0:b7:5a:23:22:d3:92:57:5b:bf:
55:fd:70:df:36:13:9c:a9:df:50:6e:62:43:23:13:eb:
f5:ef:ee:c7:15:e0:46:37:21:9b:3d:86:ea:2c:c7:01
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Authority Key Identifier
Key ID:
99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
b8:f7:00:ac
Name: Certificate Subject Key ID
Data:
e9:88:f0:50:0f:f6:09:89:5c:3d:53:70:38:ca:82:22:
42:7e:21:e3
Name: Certificate Key Usage
Critical: True
Usages: Digital Signature
Key Encipherment
Name: Certificate Basic Constraints
Critical: True
Data: Is not a CA.
Name: Extended Key Usage
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Name: Certificate Policies
Data:
Policy Name: OID.1.3.6.1.4.1.6449.1.2.2.7
Policy Qualifier Name: PKIX CPS Pointer Qualifier
Policy Qualifier Data: "http://www.positivessl.com/CPS"
Policy Name: OID.2.23.140.1.2.1
Name: CRL Distribution Points
Distribution point:
URI: "http://crl.comodoca.com/PositiveSSLCA2.crl"
Name: Authority Information Access
Method: PKIX CA issuers access method
Location:
URI: "http://crt.comodoca.com/PositiveSSLCA2.crt"
Method: PKIX Online Certificate Status Protocol
Location:
URI: "http://ocsp.comodoca.com"
Name: Certificate Subject Alt Name
DNS name: "*.nwra.com"
DNS name: "nwra.com"
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
91:48:95:7d:ce:fa:42:46:16:57:a4:4d:35:0d:6f:67:
1e:96:eb:4f:78:ba:8b:99:cf:85:49:08:27:43:22:3a:
6b:69:45:0a:06:57:2b:23:e1:0f:d5:ed:4b:2c:b0:a6:
24:92:2c:cb:92:e0:60:be:88:8c:76:89:f0:37:94:28:
68:b4:09:26:c0:b0:c7:3a:b8:cb:92:c9:0b:02:0f:90:
10:9a:94:2b:d0:50:e9:1e:57:8f:ee:f9:1a:9b:8d:14:
57:29:13:38:e9:a1:b3:c2:1d:a4:e7:25:64:de:83:16:
6d:80:d9:b4:94:a2:bf:e1:8d:c2:1b:49:93:4e:61:c3:
14:a0:5f:ab:7d:c9:9f:ec:e3:2c:d1:7b:fc:ba:84:77:
11:52:55:01:d6:68:48:79:dc:ad:3b:a4:9e:ed:95:58:
79:da:7d:12:32:20:7c:5b:25:b9:c0:09:df:f2:c6:55:
f7:ad:75:75:ca:fc:dd:d4:6a:04:4c:89:92:89:3c:39:
c9:f4:6b:a2:a6:b6:c2:cb:59:e2:ab:f8:6d:c1:a9:49:
94:bc:d6:e6:44:98:04:53:1a:58:79:df:9c:f1:06:74:
7c:97:68:ff:86:c3:82:48:a1:2d:62:d4:31:bf:2f:b5:
f6:e1:bc:6f:52:2c:7c:3e:7a:5f:a7:9a:a4:6c:f5:72
Fingerprint (SHA-256):
0C:C8:5C:1F:CB:EF:A6:E8:CA:EE:4E:D1:2C:20:67:A0:A0:29:8E:28:37:53:BC:40:93:81:19:47:8B:D2:CC:F8
Fingerprint (SHA1):
1B:73:6C:D5:AD:77:16:EF:71:E9:CB:AD:9D:16:D1:72:96:35:10:E9
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:6f:12:46:81:45:9c:28:d5:48:d6:97:c4:0e:00:1b
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=AddTrust External CA Root,OU=AddTrust External TTP Networ
k,O=AddTrust AB,C=SE"
Validity:
Not Before: Thu Feb 16 00:00:00 2012
Not After : Sat May 30 10:48:38 2020
Subject: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greate
r Manchester,C=GB"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
e8:ea:39:e3:22:a6:aa:b9:c4:00:d0:e7:aa:67:3b:43:
07:bd:4f:92:eb:bc:be:01:a3:40:ad:e0:ef:44:28:b5:
d0:3a:be:80:54:17:85:7a:6b:84:6c:36:36:e5:a3:24:
e2:fe:28:01:90:bc:d7:dd:0f:b9:2b:4e:48:77:05:69:
af:de:57:30:b1:e8:fb:1a:03:f6:3c:5b:53:1e:a1:01:
49:68:72:73:d6:33:2b:43:a9:37:32:52:0f:ae:27:56:
31:30:60:ad:c9:bd:73:2c:39:ee:90:d8:75:b0:25:21:
60:7b:2a:7f:02:fd:82:85:1f:74:4f:92:34:73:5c:1d:
00:a0:b0:c0:ea:98:e2:be:01:14:58:17:28:22:8a:77:
5d:50:25:cd:9a:6c:a6:e5:0c:e5:ab:28:c3:b2:20:89:
f0:07:24:1e:95:c2:2e:c0:e5:e9:ec:f6:3d:12:07:48:
3d:d2:c3:23:56:41:ec:d3:df:35:4b:c8:e7:f6:86:05:
52:10:43:9a:8c:17:7c:8b:aa:bc:78:e0:f0:45:3b:ac:
80:55:fe:28:93:e1:0a:11:68:f4:52:57:6f:fe:48:0b:
5b:5d:1a:6a:67:73:99:82:b4:9e:43:60:3e:c7:5b:2a:
12:6e:1a:ee:cb:39:ae:c3:35:9d:a8:bc:5d:b0:2f:c3
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Authority Key Identifier
Key ID:
ad:bd:98:7a:34:b4:26:f7:fa:c4:26:54:ef:03:bd:e0:
24:cb:54:1a
Name: Certificate Subject Key ID
Data:
99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
b8:f7:00:ac
Name: Certificate Key Usage
Critical: True
Usages: Certificate Signing
CRL Signing
Name: Certificate Basic Constraints
Critical: True
Data: Is a CA with a maximum path length of 0.
# pk12util -l nwra.com.p12
Enter password for PKCS12 file:
Certificate(has private key):
Data:
Version: 3 (0x2)
Serial Number:
45:22:20:8d:d6:04:19:2a:b1:e7:e5:4f:5e:e0:30:0e
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greater
Manchester,C=GB"
Validity:
Not Before: Thu Oct 11 00:00:00 2012
Not After : Tue Oct 10 23:59:59 2017
Subject: "CN=*.nwra.com,OU=PositiveSSL Wildcard,OU=Domain Control Val
idated"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
d8:08:80:96:8f:f0:80:86:cd:f0:e7:6a:11:7f:8e:fb:
4b:95:6a:42:93:c7:cf:c3:76:80:bd:a6:cc:6c:fd:e2:
89:1a:3f:97:c1:3d:2d:fe:e4:4a:90:c5:aa:33:97:b3:
54:cc:67:73:57:2d:cb:9f:d0:27:ea:f0:d8:9b:5d:24:
94:2f:f5:84:06:d4:04:e8:83:c5:b2:40:b1:59:2c:f8:
4f:73:9c:41:fc:8d:46:3d:be:46:e7:9f:15:5d:8c:a5:
47:23:de:e2:cf:b3:be:97:ed:0c:82:3e:00:29:b7:8b:
a0:86:92:ec:07:00:8b:35:77:1c:27:ba:c8:a0:80:dc:
9a:69:dd:99:89:df:b4:70:f6:f6:8c:23:8b:f9:1d:bf:
ba:07:32:36:17:bc:25:e7:fb:7a:b0:11:86:de:88:59:
51:ed:e5:de:5e:14:e5:c0:28:ce:d3:5b:92:38:de:fa:
4b:15:9d:62:13:69:31:5a:0d:21:6e:2e:a6:c6:ae:30:
94:95:ce:e6:6c:dc:22:71:b4:1a:3a:f9:ec:4b:72:e4:
9d:82:ba:6b:a5:46:b0:b7:5a:23:22:d3:92:57:5b:bf:
55:fd:70:df:36:13:9c:a9:df:50:6e:62:43:23:13:eb:
f5:ef:ee:c7:15:e0:46:37:21:9b:3d:86:ea:2c:c7:01
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Authority Key Identifier
Key ID:
99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
b8:f7:00:ac
Name: Certificate Subject Key ID
Data:
e9:88:f0:50:0f:f6:09:89:5c:3d:53:70:38:ca:82:22:
42:7e:21:e3
Name: Certificate Key Usage
Critical: True
Usages: Digital Signature
Key Encipherment
Name: Certificate Basic Constraints
Critical: True
Data: Is not a CA.
Name: Extended Key Usage
TLS Web Server Authentication Certificate
TLS Web Client Authentication Certificate
Name: Certificate Policies
Data:
Policy Name: OID.1.3.6.1.4.1.6449.1.2.2.7
Policy Qualifier Name: PKIX CPS Pointer Qualifier
Policy Qualifier Data: "http://www.positivessl.com/CPS"
Policy Name: OID.2.23.140.1.2.1
Name: CRL Distribution Points
Distribution point:
URI: "http://crl.comodoca.com/PositiveSSLCA2.crl"
Name: Authority Information Access
Method: PKIX CA issuers access method
Location:
URI: "http://crt.comodoca.com/PositiveSSLCA2.crt"
Method: PKIX Online Certificate Status Protocol
Location:
URI: "http://ocsp.comodoca.com"
Name: Certificate Subject Alt Name
DNS name: "*.nwra.com"
DNS name: "nwra.com"
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
91:48:95:7d:ce:fa:42:46:16:57:a4:4d:35:0d:6f:67:
1e:96:eb:4f:78:ba:8b:99:cf:85:49:08:27:43:22:3a:
6b:69:45:0a:06:57:2b:23:e1:0f:d5:ed:4b:2c:b0:a6:
24:92:2c:cb:92:e0:60:be:88:8c:76:89:f0:37:94:28:
68:b4:09:26:c0:b0:c7:3a:b8:cb:92:c9:0b:02:0f:90:
10:9a:94:2b:d0:50:e9:1e:57:8f:ee:f9:1a:9b:8d:14:
57:29:13:38:e9:a1:b3:c2:1d:a4:e7:25:64:de:83:16:
6d:80:d9:b4:94:a2:bf:e1:8d:c2:1b:49:93:4e:61:c3:
14:a0:5f:ab:7d:c9:9f:ec:e3:2c:d1:7b:fc:ba:84:77:
11:52:55:01:d6:68:48:79:dc:ad:3b:a4:9e:ed:95:58:
79:da:7d:12:32:20:7c:5b:25:b9:c0:09:df:f2:c6:55:
f7:ad:75:75:ca:fc:dd:d4:6a:04:4c:89:92:89:3c:39:
c9:f4:6b:a2:a6:b6:c2:cb:59:e2:ab:f8:6d:c1:a9:49:
94:bc:d6:e6:44:98:04:53:1a:58:79:df:9c:f1:06:74:
7c:97:68:ff:86:c3:82:48:a1:2d:62:d4:31:bf:2f:b5:
f6:e1:bc:6f:52:2c:7c:3e:7a:5f:a7:9a:a4:6c:f5:72
Fingerprint (SHA-256):
0C:C8:5C:1F:CB:EF:A6:E8:CA:EE:4E:D1:2C:20:67:A0:A0:29:8E:28:37:53:BC:40:93:81:19:47:8B:D2:CC:F8
Fingerprint (SHA1):
1B:73:6C:D5:AD:77:16:EF:71:E9:CB:AD:9D:16:D1:72:96:35:10:E9
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:6f:12:46:81:45:9c:28:d5:48:d6:97:c4:0e:00:1b
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Issuer: "CN=AddTrust External CA Root,OU=AddTrust External TTP Networ
k,O=AddTrust AB,C=SE"
Validity:
Not Before: Thu Feb 16 00:00:00 2012
Not After : Sat May 30 10:48:38 2020
Subject: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greate
r Manchester,C=GB"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
e8:ea:39:e3:22:a6:aa:b9:c4:00:d0:e7:aa:67:3b:43:
07:bd:4f:92:eb:bc:be:01:a3:40:ad:e0:ef:44:28:b5:
d0:3a:be:80:54:17:85:7a:6b:84:6c:36:36:e5:a3:24:
e2:fe:28:01:90:bc:d7:dd:0f:b9:2b:4e:48:77:05:69:
af:de:57:30:b1:e8:fb:1a:03:f6:3c:5b:53:1e:a1:01:
49:68:72:73:d6:33:2b:43:a9:37:32:52:0f:ae:27:56:
31:30:60:ad:c9:bd:73:2c:39:ee:90:d8:75:b0:25:21:
60:7b:2a:7f:02:fd:82:85:1f:74:4f:92:34:73:5c:1d:
00:a0:b0:c0:ea:98:e2:be:01:14:58:17:28:22:8a:77:
5d:50:25:cd:9a:6c:a6:e5:0c:e5:ab:28:c3:b2:20:89:
f0:07:24:1e:95:c2:2e:c0:e5:e9:ec:f6:3d:12:07:48:
3d:d2:c3:23:56:41:ec:d3:df:35:4b:c8:e7:f6:86:05:
52:10:43:9a:8c:17:7c:8b:aa:bc:78:e0:f0:45:3b:ac:
80:55:fe:28:93:e1:0a:11:68:f4:52:57:6f:fe:48:0b:
5b:5d:1a:6a:67:73:99:82:b4:9e:43:60:3e:c7:5b:2a:
12:6e:1a:ee:cb:39:ae:c3:35:9d:a8:bc:5d:b0:2f:c3
Exponent: 65537 (0x10001)
Signed Extensions:
Name: Certificate Authority Key Identifier
Key ID:
ad:bd:98:7a:34:b4:26:f7:fa:c4:26:54:ef:03:bd:e0:
24:cb:54:1a
Name: Certificate Subject Key ID
Data:
99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
b8:f7:00:ac
Name: Certificate Key Usage
Critical: True
Usages: Certificate Signing
CRL Signing
Name: Certificate Basic Constraints
Critical: True
Data: Is a CA with a maximum path length of 0.
Name: Certificate Policies
Data:
Policy Name: Certificate Policies AnyPolicy
Name: CRL Distribution Points
Distribution point:
URI: "http://crl.usertrust.com/AddTrustExternalCARoot.crl"
Name: Authority Information Access
Method: PKIX CA issuers access method
Location:
URI: "http://crt.usertrust.com/AddTrustExternalCARoot.p7c"
Method: PKIX CA issuers access method
Location:
URI: "http://crt.usertrust.com/AddTrustUTNSGCCA.crt"
Method: PKIX Online Certificate Status Protocol
Location:
URI: "http://ocsp.usertrust.com"
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
9c:36:e3:4e:ae:f1:8a:bb:6c:97:8c:8f:4b:67:d0:9f:
d8:84:aa:9f:21:5f:35:a1:5b:c4:2b:63:0d:e8:bc:77:
5d:a7:c4:37:fd:4b:2d:9e:e8:1d:69:a1:c0:84:cc:d1:
6d:8b:f3:81:cb:9f:4b:74:b0:49:2a:31:e8:37:40:eb:
1f:d9:97:a3:1a:11:d5:26:a7:6e:0f:ba:d5:be:2c:fd:
b4:91:64:dc:be:3b:19:50:0d:7a:95:f3:04:13:a9:bb:
47:0f:8b:5c:d1:ac:c2:7b:77:21:50:dd:5b:ab:ee:f4:
a6:d8:d4:4a:53:6b:4d:ad:b8:c8:e7:e6:52:58:4d:43:
4c:c2:a2:23:4f:0e:c0:20:39:af:df:4f:42:5b:1e:d3:
09:f4:18:09:59:2a:d9:e8:4a:18:bf:32:fb:fa:2d:64:
8b:87:ca:5b:2b:e8:b8:0b:7e:be:17:12:c7:03:82:29:
af:58:af:85:84:5d:3d:0a:df:23:51:c3:cd:af:10:bf:
80:69:77:91:0a:4f:e5:ba:e1:ad:9b:ce:df:33:4e:30:
3b:e9:8f:66:7f:82:fa:6b:fa:db:a3:c0:73:00:e3:d6:
12:af:4d:f2:0f:5a:14:51:1f:6d:b8:86:81:62:07:ce:
5c:72:c2:4f:f3:57:2a:71:d9:d4:97:85:e6:18:53:b7
Fingerprint (SHA-256):
44:75:53:4D:BB:11:47:14:C6:28:D3:EE:F2:18:11:00:2D:6C:CE:CC:43:28:E4:15:87:73:22:51:E4:24:F8:A6
Fingerprint (SHA1):
94:80:7B:1C:78:8D:D2:FC:BE:19:C8:48:1C:E4:1C:FA:B8:A4:C1:7F
Key(shrouded):
Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
Parameters:
Salt:
f0:6c:0b:29:47:50:d8:b3
Iteration Count: 2048 (0x800)
Name: Certificate Policies
Data:
Policy Name: Certificate Policies AnyPolicy
Name: CRL Distribution Points
Distribution point:
URI: "http://crl.usertrust.com/AddTrustExternalCARoot.crl"
Name: Authority Information Access
Method: PKIX CA issuers access method
Location:
URI: "http://crt.usertrust.com/AddTrustExternalCARoot.p7c"
Method: PKIX CA issuers access method
Location:
URI: "http://crt.usertrust.com/AddTrustUTNSGCCA.crt"
Method: PKIX Online Certificate Status Protocol
Location:
URI: "http://ocsp.usertrust.com"
Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
Signature:
9c:36:e3:4e:ae:f1:8a:bb:6c:97:8c:8f:4b:67:d0:9f:
d8:84:aa:9f:21:5f:35:a1:5b:c4:2b:63:0d:e8:bc:77:
5d:a7:c4:37:fd:4b:2d:9e:e8:1d:69:a1:c0:84:cc:d1:
6d:8b:f3:81:cb:9f:4b:74:b0:49:2a:31:e8:37:40:eb:
1f:d9:97:a3:1a:11:d5:26:a7:6e:0f:ba:d5:be:2c:fd:
b4:91:64:dc:be:3b:19:50:0d:7a:95:f3:04:13:a9:bb:
47:0f:8b:5c:d1:ac:c2:7b:77:21:50:dd:5b:ab:ee:f4:
a6:d8:d4:4a:53:6b:4d:ad:b8:c8:e7:e6:52:58:4d:43:
4c:c2:a2:23:4f:0e:c0:20:39:af:df:4f:42:5b:1e:d3:
09:f4:18:09:59:2a:d9:e8:4a:18:bf:32:fb:fa:2d:64:
8b:87:ca:5b:2b:e8:b8:0b:7e:be:17:12:c7:03:82:29:
af:58:af:85:84:5d:3d:0a:df:23:51:c3:cd:af:10:bf:
80:69:77:91:0a:4f:e5:ba:e1:ad:9b:ce:df:33:4e:30:
3b:e9:8f:66:7f:82:fa:6b:fa:db:a3:c0:73:00:e3:d6:
12:af:4d:f2:0f:5a:14:51:1f:6d:b8:86:81:62:07:ce:
5c:72:c2:4f:f3:57:2a:71:d9:d4:97:85:e6:18:53:b7
Fingerprint (SHA-256):
44:75:53:4D:BB:11:47:14:C6:28:D3:EE:F2:18:11:00:2D:6C:CE:CC:43:28:E4:15:87:73:22:51:E4:24:F8:A6
Fingerprint (SHA1):
94:80:7B:1C:78:8D:D2:FC:BE:19:C8:48:1C:E4:1C:FA:B8:A4:C1:7F
Key(shrouded):
Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
Parameters:
Salt:
f0:6c:0b:29:47:50:d8:b3
Iteration Count: 2048 (0x800)
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
More information about the Freeipa-users
mailing list