Thank you for your quick response!
Sorry, I did not mean to suggest I expected IPA to renew my user-provided
certificate - just meant we failed to renew the certificate ourselves in time.
I had previously commented out the cert and key lines from the ssl.conf and put
in the full path to my new ones, but I had not tried overwriting the httpd crt
and key. That worked! I was able to start the apache server in the present
day with ntp re-enabled.
I was also able to run ipa-server-certinstall with the -w option.
The only step that I am still failing at is the installation with the -k
option. Of the 5 files provided by section:
Available formats:
as Certificate only, PEM encoded:
as Certificate (w/ issuer after),
as Certificate (w/ chain), PEM encoded:
as PKCS#7:
as PKCS#7, PEM encoded:
The 4th one PKCS#7 was the only one that ipa-server-certinstall did not reject
as invalid for KDC, but it says "incorrect password for pkcs#12 file".
I did find the 443-RSA file where you indicated, and it has what looks like a
hash or auto-generated password in it, but I'm unclear what you mean by 'Update
that if needed' - I don't believe there was a PIN or passphrase set on the
private key. Is there a method that I am supposed to pass or overwrite that
443-RSA file contents? I could overwrite the (possibly blank) passphrase of
the key but I'm hesitant to break what worked for the other options.
Thanks again!!
Jesse
--
_______________________________________________
FreeIPA-users mailing list -- [email protected]