[Freeipa-users] vaults and service accounts
Anthony Clark
anthonyclarka2 at gmail.com
Sun Jul 24 14:33:51 UTC 2016
Hello All,
I have a crazy notion of storing a host's SSH private keys in an ipa vault,
so that a rebuilt host can use the same keys.
I'm on CentOS 7.2 and I'm using the RPMs available in the standard centos
base repository, so I'm constrained to version 1.0 vaults. I'm using this
page:
http://www.freeipa.org/page/V4/Password_Vault_1.0#Provisioning_service_vault_password_for_service_instance
I'm trying the following steps but running into trouble:
ipa service-add ssh/test01.dev.redacted.net
certutil -N -d testcertdb
certutil -R -d testcertdb -a -g 2048 -s 'CN=test01.dev.redacted.net,O=DEV.REDACTED.NET'
<paste that csr into the ipa web gui>
ipa-getcert request -r -f testsshd01-cert.pem -k testsshd01-key.pem -K ssh/test01.dev.redacted.net@DEV.REDACTED.NET
ipa vault-add testsshd02 --service ssh/test01.dev.redacted.net@DEV.REDACTED.NET --type asymmetric --public-key-file testsshd01-cert.pem
The last command gives me "ipa: ERROR: invalid 'ipavaultpublickey': Invalid
or unsupported vault public key: Could not unserialize key data."
Is there a preferred way to create a public key for asymmetric encryption
for a service vault?
Thanks,
Anthony Clark
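
Added example, not part of the original post: a shell check that tells an X.509 certificate PEM apart from a bare PEM public key and extracts the latter from the former with openssl. It assumes the vault's --public-key-file wants a "BEGIN PUBLIC KEY" (SubjectPublicKeyInfo) file rather than a certificate; the function names, file names and the subject host.example.test are constructed for illustration.

```shell
#!/bin/sh
# Added example. All files are constructed throwaway samples, not the poster's.
set -eu

# Print the PEM label of the first object in a file, e.g. "CERTIFICATE".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# True only for a bare PEM public key (SubjectPublicKeyInfo) that parses.
is_public_key() {
    [ "$(pem_label "$1")" = "PUBLIC KEY" ] &&
        openssl pkey -pubin -in "$1" -noout 2>/dev/null
}

# Write the public key from $1 (certificate or public key) to $2.
to_public_key() {
    case "$(pem_label "$1")" in
        CERTIFICATE)  openssl x509 -in "$1" -pubkey -noout > "$2" ;;
        "PUBLIC KEY") cp "$1" "$2" ;;
        *) echo "unsupported PEM type in $1" >&2; return 1 ;;
    esac
    is_public_key "$2"
}

# Constructed sample: self-signed certificate with a placeholder subject.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=host.example.test' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d)
    make_sample_cert "$dir"
    echo "cert.pem holds: $(pem_label "$dir/cert.pem")"
    is_public_key "$dir/cert.pem" || echo "cert.pem is not a bare public key"
    # Assumption: pub.pem is the kind of file --public-key-file expects.
    to_public_key "$dir/cert.pem" "$dir/pub.pem"
    echo "pub.pem holds: $(pem_label "$dir/pub.pem")"
    rm -rf "$dir"
}
demo
```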