We have a deployment of IPA that we have been using successfully for 185 days.  We are 3 days past the "half year" mark, and the self-signed cert that was created with the original IPA install (FreeIPA v2 alpha) has expired.  I have created a new self-signed cert, PKCS#12 format, but I cannot load it using the command:

ipa-server-certinstall -d ldap-selfsigned-to20120120.pkcs12 --dirsrv_pin=ldap

When I try this, I am asked for:

Directory Manager password:

And I have no idea what this would be.  I've tried the Kerberos "admin" password (used with "kinit admin"), and the root password.  I don't know what other passwords would work.

Is there some way to force this, or reset it, without starting from scratch?  The added challenge is that the person who setup this version of FreeIPA went on vacation for 2 weeks, so I have minimal background with FreeIPA from an admin/install perspective.


Ian Stokes-Rees, PhD                       W: http://hkl.hms.harvard.edu
ijsto...@hkl.hms.harvard.edu               T: +1 617 432-5608 x75
NEBioGrid, Harvard Medical School          C: +1 617 331-5993

Freeipa-users mailing list

Reply via email to