[Freeipa-users] Replace with 3rd part certificates
Rob Crittenden
rcritten at redhat.com
Wed Jul 6 13:01:33 UTC 2016
Andreas Ladanyi wrote:
> Hi,
>
> Is it possible that ipa-server-certinstall couldn't handle private keys
> without a password?
You can file an RFE at https://fedorahosted.org/freeipa/newticket
> I would test it with a self-signed certificate and a test private key file
> secured with a password, but I don't know what happens after entering a
> valid private key unlock password. Could I stop the certificate import
> process at this point, so no change will happen to my productive IPA
> server?
I would not recommend experimenting with random certificates.
It should be possible to add a password to your private key. A quick
google found
http://security.stackexchange.com/questions/59136/can-i-add-a-password-to-an-existing-private-key
rob
>
> regards,
> Andreas
>> Hi,
>>
>> I try to replace the self-signed certificate from the IPA installation
>> with this description:
>>
>> http://www.freeipa.org/page/Using_3rd_part_certificates_for_HTTP/LDAP
>>
>> ipa-server-certinstall -w -d mysite.key mysite.crt
>>
>> The tool asks for the private key unlock password. The private key was
>> generated without a password. I tried pressing only the Enter key, but
>> it doesn't help. So I am confused. The certificate and key file are in PEM
>> format.
>>
>> For testing I converted the private key with:
>>
>> openssl rsa -in -out
>>
>> because I want to know if openssl asks me for a password, but it doesn't.
>>
>> My version number is FreeIPA 4.1.
>>
>>
>> regards,
>> Andreas
>>
>>
>>
>
>
>
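The step suggested in the reply above, adding a passphrase to an existing private key, as an added example that is not part of the thread or of FreeIPA. It also checks that the key still matches the certificate before and after; the function names, file names and the demo passphrase are assumptions, and the demo uses a constructed throwaway key and certificate in a temporary directory.

```shell
#!/bin/sh
# Added example: protect an unencrypted PEM key with a passphrase before an
# import tool asks for one. The original key file is never modified.

# True if the PEM key is passphrase-protected (PKCS#8 or traditional header).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# True if key ($1) and certificate ($2) hold the same public key.
# $3 is an optional file whose first line is the key passphrase.
key_matches_cert() {
    if [ -n "${3:-}" ]; then
        k=$(openssl pkey -in "$1" -passin "file:$3" -pubout 2>/dev/null) || return 1
    else
        k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    fi
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# Write an AES-256 encrypted copy of key $1 to $3; the passphrase is read from
# file $2 so that it does not appear in the process list or shell history.
add_passphrase() {
    ( umask 077; openssl pkey -in "$1" -aes256 -passout "file:$2" -out "$3" )
}

# prepare_key KEY CERT PASSFILE OUT
prepare_key() {
    if key_is_encrypted "$1"; then
        echo "key already has a passphrase; nothing to do"; return 0
    fi
    key_matches_cert "$1" "$2" || { echo "key and certificate do not match" >&2; return 1; }
    add_passphrase "$1" "$3" "$4" || return 1
    key_is_encrypted "$4" && key_matches_cert "$4" "$2" "$3"
}

# Throwaway demo (constructed key and certificate, never installed anywhere).
demo() {
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -subj "/CN=ipa.example.test" \
        -days 1 -keyout "$d/site.key" -out "$d/site.crt" 2>/dev/null || return 1
    printf '%s\n' 'constructed-demo-passphrase' > "$d/pass.txt"
    prepare_key "$d/site.key" "$d/site.crt" "$d/pass.txt" "$d/site.enc.key"
    rc=$?; rm -rf "$d"; return $rc
}
```

On real files, the output of `prepare_key` is the key file to hand to the import tool in place of the unencrypted one.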