Andrew Meyer via FreeIPA-users wrote:
> This is what I have been following:
> https://github.com/gudmmk/howtos/blob/master/duo_authproxy-with-freeipa.md
> https://duo.com/docs/authproxy-reference
> https://help.duo.com/s/article/2209?language=en_US
> https://community.duo.com/t/directory-sync-with-idm/2171/19
>
>
> Here is the error output.
> [error] The Auth Proxy was not able to create an SSL context with the given
> certificate and private key. It will be unable to use these credentials to
> create and maintain SSL-based connections such as LDAPS.
> [error] The Auth Proxy was not able to validate the SSL private key at
> /opt/duoauthproxy/conf/duoauth-starttls.key. Ensure that it is a readable,
> valid SSL key file using a tool like 'openssl rsa'.
> [debug] Exception: [('PEM routines', 'PEM_read_bio', 'no start line')]
> [info] The Auth Proxy was able to validate the SSL certificate data at
> /etc/ipa/ca.crt.
> [warn] The Auth Proxy did not run the SSL context creation check because of
> the problem(s) with the SSL key and cert check. Resolve that issue and rerun
> the tester.
> [warn] The Auth Proxy did not run the listen check because of the problem(s)
> with the ssl configuration check. Resolve that issue and rerun the tester.
> [info] -----------------------------
> [info] SUMMARY
>
> Thanks for your help!

You need a server certificate for the duo auth proxy service.

I'm not in the office right now but you can refer to the IdM documentation on docs.redhat.com to see how to generate a server certificate for this service.

rob
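
Added example, not part of the messages above and not Duo or FreeIPA code: a stdlib-only check of what a configured key file actually contains, covering the 'no start line' case from the quoted output. The function name, result strings and sample inputs are hypothetical and constructed; the check looks at PEM structure only and does not prove the key is valid or matches a certificate.

```python
import base64
import re

# One complete PEM block; the BEGIN and END labels must agree.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
KEY_LABELS = {b"PRIVATE KEY", b"RSA PRIVATE KEY", b"EC PRIVATE KEY"}


def diagnose_key_file(data: bytes) -> str:
    """Classify the bytes of a file that should hold an unencrypted PEM key."""
    if not data.strip():
        return "empty"
    if b"-----BEGIN " not in data:
        # No BEGIN line at all: OpenSSL reports this as 'no start line'.
        return "der" if data[:1] == b"\x30" else "not-pem"
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        return "incomplete-pem"
    labels = [label for label, _ in blocks]
    if b"ENCRYPTED PRIVATE KEY" in labels or any(
            b"Proc-Type: 4,ENCRYPTED" in body for _, body in blocks):
        return "encrypted-key"
    key_bodies = [body for label, body in blocks if label in KEY_LABELS]
    if not key_bodies:
        # e.g. only CERTIFICATE blocks: a key loader also ends in
        # 'no start line' because no key block is ever found.
        return "no-key-block"
    try:
        base64.b64decode(b"".join(key_bodies[0].split()), validate=True)
    except ValueError:
        return "corrupt-base64"
    return "key-block-present"


# Constructed sample inputs (not real keys or certificates).
_BODY = base64.encodebytes(b"\x30\x82" + bytes(60)).strip()
SAMPLES = {
    "key.pem": b"-----BEGIN PRIVATE KEY-----\n" + _BODY + b"\n-----END PRIVATE KEY-----\n",
    "cert-only.pem": b"-----BEGIN CERTIFICATE-----\n" + _BODY + b"\n-----END CERTIFICATE-----\n",
    "key.der": b"\x30\x82" + bytes(60),
    "csr.txt": b"Certificate Request:\n    Data:\n",
}

if __name__ == "__main__":
    for name, data in SAMPLES.items():
        print(f"{name}: {diagnose_key_file(data)}")
```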
