James Scollard wrote:
That makes absolute perfect sense.  Thanks for the clarification.
Unfortunately I have an new issue now.  Globalsign has issued me a pkcs7
certificate.  FreeIPA does not recognize the format:

[root@ldapm6x00 ~]# ipa-server-install
--dirsrv_pkcs7=/root/ldapm6x00.sun.weather.com.pkcs7
--http_pkcs7=/root/ldapm6x00.sun.weather.com.pkcs7
--root-ca-file=/root/STAR_CA-2048.crt
Usage: ipa-server-install [options]

ipa-server-install: error: no such option: --dirsrv_pkcs7

I need to convert it to pkcs12 using the converter here (awesome free
tool):

https://www.sslshopper.com/ssl-converter.html

I need the server's private key file to convert from pkcs7 to pkcs12,
but cant find it anywhere.  Is there a command to export it or does it
live in /var/lib or /etc somewhere?

The private exists wherever you generated the CSR. If you used openssl then it would be in a flat file somewhere. If you used NSS then it would be in that database.

rob

_______________________________________________
Freeipa-users mailing list
Freeipa-users@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-users

Reply via email to