On 05/28/2015 03:09 PM, Rob Crittenden wrote:
> Orion Poplawski wrote:
>> We did a CAless install:
>>
>> ipa-server-install -r NWRA.COM -n nwra.com -p `cat /etc/ldap.secret` -a `cat
>> /etc/ldap.secret` --root-ca-file=PositiveSSLCA2.crt
>> --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXXX --http_pkcs12=nwra.com.p12
>> --http_pin=XXXX --idstart=8000
>>
>> But now when we try to setup a replica:
>>
>> # ipa-replica-prepare ipa1.nwra.com --dirsrv_pkcs12=nwra.com.p12
>> --dirsrv_pin=XXXX --http_pkcs12=nwra.com.p12 --http_pin=XXXX
>> Directory Manager (existing master) password:
>>
>> The full certificate chain is not present in nwra.com.p12
>>
>>
>> p12 file was created with:
>>
>> openssl pkcs12 -export -in /etc/pki/tls/certs/nwra.com.crt -inkey
>> /etc/pki/tls/private/nwra.com.key -certfile
>> /etc/pki/tls/certs/PositiveSSLCA2.crt -out nwra.com.p12
>>
>> ipa-server-4.1.0-18.sl7_1.3.x86_64
>>
>> Any thoughts?
>>
> 
> At a glance your creation steps look ok. Strangely, the same code that loads
> the PKCS#12 files are used both in the server install and replica prepare, the
> only difference it seems is that with the server install we get a copy of the
> CA separately too.
> 
> Can you provide the output of: pk12util -l nwra.com.p12
> 
> Maybe we can work out what it thinks is missing.
> 
> rob

I think I need to redo our install with an updated (SHA-2?) certificate, but I
wouldn't think that would affect this issue either.

# pk12util -l nwra.com.p12
Enter password for PKCS12 file:
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:22:20:8d:d6:04:19:2a:b1:e7:e5:4f:5e:e0:30:0e
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greater
             Manchester,C=GB"
        Validity:
            Not Before: Thu Oct 11 00:00:00 2012
            Not After : Tue Oct 10 23:59:59 2017
        Subject: "CN=*.nwra.com,OU=PositiveSSL Wildcard,OU=Domain Control Val
            idated"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:08:80:96:8f:f0:80:86:cd:f0:e7:6a:11:7f:8e:fb:
                    4b:95:6a:42:93:c7:cf:c3:76:80:bd:a6:cc:6c:fd:e2:
                    89:1a:3f:97:c1:3d:2d:fe:e4:4a:90:c5:aa:33:97:b3:
                    54:cc:67:73:57:2d:cb:9f:d0:27:ea:f0:d8:9b:5d:24:
                    94:2f:f5:84:06:d4:04:e8:83:c5:b2:40:b1:59:2c:f8:
                    4f:73:9c:41:fc:8d:46:3d:be:46:e7:9f:15:5d:8c:a5:
                    47:23:de:e2:cf:b3:be:97:ed:0c:82:3e:00:29:b7:8b:
                    a0:86:92:ec:07:00:8b:35:77:1c:27:ba:c8:a0:80:dc:
                    9a:69:dd:99:89:df:b4:70:f6:f6:8c:23:8b:f9:1d:bf:
                    ba:07:32:36:17:bc:25:e7:fb:7a:b0:11:86:de:88:59:
                    51:ed:e5:de:5e:14:e5:c0:28:ce:d3:5b:92:38:de:fa:
                    4b:15:9d:62:13:69:31:5a:0d:21:6e:2e:a6:c6:ae:30:
                    94:95:ce:e6:6c:dc:22:71:b4:1a:3a:f9:ec:4b:72:e4:
                    9d:82:ba:6b:a5:46:b0:b7:5a:23:22:d3:92:57:5b:bf:
                    55:fd:70:df:36:13:9c:a9:df:50:6e:62:43:23:13:eb:
                    f5:ef:ee:c7:15:e0:46:37:21:9b:3d:86:ea:2c:c7:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Key ID:
                99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
                b8:f7:00:ac

            Name: Certificate Subject Key ID
            Data:
                e9:88:f0:50:0f:f6:09:89:5c:3d:53:70:38:ca:82:22:
                42:7e:21:e3

            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Key Encipherment

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is not a CA.

            Name: Extended Key Usage
                TLS Web Server Authentication Certificate
                TLS Web Client Authentication Certificate

            Name: Certificate Policies
            Data:
                Policy Name: OID.1.3.6.1.4.1.6449.1.2.2.7
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                    Policy Qualifier Data: "http://www.positivessl.com/CPS";
                Policy Name: OID.2.23.140.1.2.1

            Name: CRL Distribution Points
            Distribution point:
                URI: "http://crl.comodoca.com/PositiveSSLCA2.crl";

            Name: Authority Information Access
            Method: PKIX CA issuers access method
            Location:
                URI: "http://crt.comodoca.com/PositiveSSLCA2.crt";
            Method: PKIX Online Certificate Status Protocol
            Location:
                URI: "http://ocsp.comodoca.com";

            Name: Certificate Subject Alt Name
            DNS name: "*.nwra.com"
            DNS name: "nwra.com"

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        91:48:95:7d:ce:fa:42:46:16:57:a4:4d:35:0d:6f:67:
        1e:96:eb:4f:78:ba:8b:99:cf:85:49:08:27:43:22:3a:
        6b:69:45:0a:06:57:2b:23:e1:0f:d5:ed:4b:2c:b0:a6:
        24:92:2c:cb:92:e0:60:be:88:8c:76:89:f0:37:94:28:
        68:b4:09:26:c0:b0:c7:3a:b8:cb:92:c9:0b:02:0f:90:
        10:9a:94:2b:d0:50:e9:1e:57:8f:ee:f9:1a:9b:8d:14:
        57:29:13:38:e9:a1:b3:c2:1d:a4:e7:25:64:de:83:16:
        6d:80:d9:b4:94:a2:bf:e1:8d:c2:1b:49:93:4e:61:c3:
        14:a0:5f:ab:7d:c9:9f:ec:e3:2c:d1:7b:fc:ba:84:77:
        11:52:55:01:d6:68:48:79:dc:ad:3b:a4:9e:ed:95:58:
        79:da:7d:12:32:20:7c:5b:25:b9:c0:09:df:f2:c6:55:
        f7:ad:75:75:ca:fc:dd:d4:6a:04:4c:89:92:89:3c:39:
        c9:f4:6b:a2:a6:b6:c2:cb:59:e2:ab:f8:6d:c1:a9:49:
        94:bc:d6:e6:44:98:04:53:1a:58:79:df:9c:f1:06:74:
        7c:97:68:ff:86:c3:82:48:a1:2d:62:d4:31:bf:2f:b5:
        f6:e1:bc:6f:52:2c:7c:3e:7a:5f:a7:9a:a4:6c:f5:72
    Fingerprint (SHA-256):

0C:C8:5C:1F:CB:EF:A6:E8:CA:EE:4E:D1:2C:20:67:A0:A0:29:8E:28:37:53:BC:40:93:81:19:47:8B:D2:CC:F8
    Fingerprint (SHA1):
        1B:73:6C:D5:AD:77:16:EF:71:E9:CB:AD:9D:16:D1:72:96:35:10:E9

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:6f:12:46:81:45:9c:28:d5:48:d6:97:c4:0e:00:1b
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=AddTrust External CA Root,OU=AddTrust External TTP Networ
            k,O=AddTrust AB,C=SE"
        Validity:
            Not Before: Thu Feb 16 00:00:00 2012
            Not After : Sat May 30 10:48:38 2020
        Subject: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greate
            r Manchester,C=GB"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e8:ea:39:e3:22:a6:aa:b9:c4:00:d0:e7:aa:67:3b:43:
                    07:bd:4f:92:eb:bc:be:01:a3:40:ad:e0:ef:44:28:b5:
                    d0:3a:be:80:54:17:85:7a:6b:84:6c:36:36:e5:a3:24:
                    e2:fe:28:01:90:bc:d7:dd:0f:b9:2b:4e:48:77:05:69:
                    af:de:57:30:b1:e8:fb:1a:03:f6:3c:5b:53:1e:a1:01:
                    49:68:72:73:d6:33:2b:43:a9:37:32:52:0f:ae:27:56:
                    31:30:60:ad:c9:bd:73:2c:39:ee:90:d8:75:b0:25:21:
                    60:7b:2a:7f:02:fd:82:85:1f:74:4f:92:34:73:5c:1d:
                    00:a0:b0:c0:ea:98:e2:be:01:14:58:17:28:22:8a:77:
                    5d:50:25:cd:9a:6c:a6:e5:0c:e5:ab:28:c3:b2:20:89:
                    f0:07:24:1e:95:c2:2e:c0:e5:e9:ec:f6:3d:12:07:48:
                    3d:d2:c3:23:56:41:ec:d3:df:35:4b:c8:e7:f6:86:05:
                    52:10:43:9a:8c:17:7c:8b:aa:bc:78:e0:f0:45:3b:ac:
                    80:55:fe:28:93:e1:0a:11:68:f4:52:57:6f:fe:48:0b:
                    5b:5d:1a:6a:67:73:99:82:b4:9e:43:60:3e:c7:5b:2a:
                    12:6e:1a:ee:cb:39:ae:c3:35:9d:a8:bc:5d:b0:2f:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Key ID:
                ad:bd:98:7a:34:b4:26:f7:fa:c4:26:54:ef:03:bd:e0:
                24:cb:54:1a

            Name: Certificate Subject Key ID
            Data:
                99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
                b8:f7:00:ac

            Name: Certificate Key Usage
            Critical: True
            Usages: Certificate Signing
                    CRL Signing

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with a maximum path length of 0.
# pk12util -l nwra.com.p12
Enter password for PKCS12 file:
Certificate(has private key):
    Data:
        Version: 3 (0x2)
        Serial Number:
            45:22:20:8d:d6:04:19:2a:b1:e7:e5:4f:5e:e0:30:0e
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greater
             Manchester,C=GB"
        Validity:
            Not Before: Thu Oct 11 00:00:00 2012
            Not After : Tue Oct 10 23:59:59 2017
        Subject: "CN=*.nwra.com,OU=PositiveSSL Wildcard,OU=Domain Control Val
            idated"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    d8:08:80:96:8f:f0:80:86:cd:f0:e7:6a:11:7f:8e:fb:
                    4b:95:6a:42:93:c7:cf:c3:76:80:bd:a6:cc:6c:fd:e2:
                    89:1a:3f:97:c1:3d:2d:fe:e4:4a:90:c5:aa:33:97:b3:
                    54:cc:67:73:57:2d:cb:9f:d0:27:ea:f0:d8:9b:5d:24:
                    94:2f:f5:84:06:d4:04:e8:83:c5:b2:40:b1:59:2c:f8:
                    4f:73:9c:41:fc:8d:46:3d:be:46:e7:9f:15:5d:8c:a5:
                    47:23:de:e2:cf:b3:be:97:ed:0c:82:3e:00:29:b7:8b:
                    a0:86:92:ec:07:00:8b:35:77:1c:27:ba:c8:a0:80:dc:
                    9a:69:dd:99:89:df:b4:70:f6:f6:8c:23:8b:f9:1d:bf:
                    ba:07:32:36:17:bc:25:e7:fb:7a:b0:11:86:de:88:59:
                    51:ed:e5:de:5e:14:e5:c0:28:ce:d3:5b:92:38:de:fa:
                    4b:15:9d:62:13:69:31:5a:0d:21:6e:2e:a6:c6:ae:30:
                    94:95:ce:e6:6c:dc:22:71:b4:1a:3a:f9:ec:4b:72:e4:
                    9d:82:ba:6b:a5:46:b0:b7:5a:23:22:d3:92:57:5b:bf:
                    55:fd:70:df:36:13:9c:a9:df:50:6e:62:43:23:13:eb:
                    f5:ef:ee:c7:15:e0:46:37:21:9b:3d:86:ea:2c:c7:01
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Key ID:
                99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
                b8:f7:00:ac

            Name: Certificate Subject Key ID
            Data:
                e9:88:f0:50:0f:f6:09:89:5c:3d:53:70:38:ca:82:22:
                42:7e:21:e3

            Name: Certificate Key Usage
            Critical: True
            Usages: Digital Signature
                    Key Encipherment

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is not a CA.

            Name: Extended Key Usage
                TLS Web Server Authentication Certificate
                TLS Web Client Authentication Certificate

            Name: Certificate Policies
            Data:
                Policy Name: OID.1.3.6.1.4.1.6449.1.2.2.7
                    Policy Qualifier Name: PKIX CPS Pointer Qualifier
                    Policy Qualifier Data: "http://www.positivessl.com/CPS";
                Policy Name: OID.2.23.140.1.2.1

            Name: CRL Distribution Points
            Distribution point:
                URI: "http://crl.comodoca.com/PositiveSSLCA2.crl";

            Name: Authority Information Access
            Method: PKIX CA issuers access method
            Location:
                URI: "http://crt.comodoca.com/PositiveSSLCA2.crt";
            Method: PKIX Online Certificate Status Protocol
            Location:
                URI: "http://ocsp.comodoca.com";

            Name: Certificate Subject Alt Name
            DNS name: "*.nwra.com"
            DNS name: "nwra.com"

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        91:48:95:7d:ce:fa:42:46:16:57:a4:4d:35:0d:6f:67:
        1e:96:eb:4f:78:ba:8b:99:cf:85:49:08:27:43:22:3a:
        6b:69:45:0a:06:57:2b:23:e1:0f:d5:ed:4b:2c:b0:a6:
        24:92:2c:cb:92:e0:60:be:88:8c:76:89:f0:37:94:28:
        68:b4:09:26:c0:b0:c7:3a:b8:cb:92:c9:0b:02:0f:90:
        10:9a:94:2b:d0:50:e9:1e:57:8f:ee:f9:1a:9b:8d:14:
        57:29:13:38:e9:a1:b3:c2:1d:a4:e7:25:64:de:83:16:
        6d:80:d9:b4:94:a2:bf:e1:8d:c2:1b:49:93:4e:61:c3:
        14:a0:5f:ab:7d:c9:9f:ec:e3:2c:d1:7b:fc:ba:84:77:
        11:52:55:01:d6:68:48:79:dc:ad:3b:a4:9e:ed:95:58:
        79:da:7d:12:32:20:7c:5b:25:b9:c0:09:df:f2:c6:55:
        f7:ad:75:75:ca:fc:dd:d4:6a:04:4c:89:92:89:3c:39:
        c9:f4:6b:a2:a6:b6:c2:cb:59:e2:ab:f8:6d:c1:a9:49:
        94:bc:d6:e6:44:98:04:53:1a:58:79:df:9c:f1:06:74:
        7c:97:68:ff:86:c3:82:48:a1:2d:62:d4:31:bf:2f:b5:
        f6:e1:bc:6f:52:2c:7c:3e:7a:5f:a7:9a:a4:6c:f5:72
    Fingerprint (SHA-256):

0C:C8:5C:1F:CB:EF:A6:E8:CA:EE:4E:D1:2C:20:67:A0:A0:29:8E:28:37:53:BC:40:93:81:19:47:8B:D2:CC:F8
    Fingerprint (SHA1):
        1B:73:6C:D5:AD:77:16:EF:71:E9:CB:AD:9D:16:D1:72:96:35:10:E9

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            07:6f:12:46:81:45:9c:28:d5:48:d6:97:c4:0e:00:1b
        Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
        Issuer: "CN=AddTrust External CA Root,OU=AddTrust External TTP Networ
            k,O=AddTrust AB,C=SE"
        Validity:
            Not Before: Thu Feb 16 00:00:00 2012
            Not After : Sat May 30 10:48:38 2020
        Subject: "CN=PositiveSSL CA 2,O=COMODO CA Limited,L=Salford,ST=Greate
            r Manchester,C=GB"
        Subject Public Key Info:
            Public Key Algorithm: PKCS #1 RSA Encryption
            RSA Public Key:
                Modulus:
                    e8:ea:39:e3:22:a6:aa:b9:c4:00:d0:e7:aa:67:3b:43:
                    07:bd:4f:92:eb:bc:be:01:a3:40:ad:e0:ef:44:28:b5:
                    d0:3a:be:80:54:17:85:7a:6b:84:6c:36:36:e5:a3:24:
                    e2:fe:28:01:90:bc:d7:dd:0f:b9:2b:4e:48:77:05:69:
                    af:de:57:30:b1:e8:fb:1a:03:f6:3c:5b:53:1e:a1:01:
                    49:68:72:73:d6:33:2b:43:a9:37:32:52:0f:ae:27:56:
                    31:30:60:ad:c9:bd:73:2c:39:ee:90:d8:75:b0:25:21:
                    60:7b:2a:7f:02:fd:82:85:1f:74:4f:92:34:73:5c:1d:
                    00:a0:b0:c0:ea:98:e2:be:01:14:58:17:28:22:8a:77:
                    5d:50:25:cd:9a:6c:a6:e5:0c:e5:ab:28:c3:b2:20:89:
                    f0:07:24:1e:95:c2:2e:c0:e5:e9:ec:f6:3d:12:07:48:
                    3d:d2:c3:23:56:41:ec:d3:df:35:4b:c8:e7:f6:86:05:
                    52:10:43:9a:8c:17:7c:8b:aa:bc:78:e0:f0:45:3b:ac:
                    80:55:fe:28:93:e1:0a:11:68:f4:52:57:6f:fe:48:0b:
                    5b:5d:1a:6a:67:73:99:82:b4:9e:43:60:3e:c7:5b:2a:
                    12:6e:1a:ee:cb:39:ae:c3:35:9d:a8:bc:5d:b0:2f:c3
                Exponent: 65537 (0x10001)
        Signed Extensions:
            Name: Certificate Authority Key Identifier
            Key ID:
                ad:bd:98:7a:34:b4:26:f7:fa:c4:26:54:ef:03:bd:e0:
                24:cb:54:1a

            Name: Certificate Subject Key ID
            Data:
                99:e4:40:5f:6b:14:5e:3e:05:d9:dd:d3:63:54:fc:62:
                b8:f7:00:ac

            Name: Certificate Key Usage
            Critical: True
            Usages: Certificate Signing
                    CRL Signing

            Name: Certificate Basic Constraints
            Critical: True
            Data: Is a CA with a maximum path length of 0.

            Name: Certificate Policies
            Data:
                Policy Name: Certificate Policies AnyPolicy

            Name: CRL Distribution Points
            Distribution point:
                URI: "http://crl.usertrust.com/AddTrustExternalCARoot.crl";

            Name: Authority Information Access
            Method: PKIX CA issuers access method
            Location:
                URI: "http://crt.usertrust.com/AddTrustExternalCARoot.p7c";
            Method: PKIX CA issuers access method
            Location:
                URI: "http://crt.usertrust.com/AddTrustUTNSGCCA.crt";
            Method: PKIX Online Certificate Status Protocol
            Location:
                URI: "http://ocsp.usertrust.com";

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        9c:36:e3:4e:ae:f1:8a:bb:6c:97:8c:8f:4b:67:d0:9f:
        d8:84:aa:9f:21:5f:35:a1:5b:c4:2b:63:0d:e8:bc:77:
        5d:a7:c4:37:fd:4b:2d:9e:e8:1d:69:a1:c0:84:cc:d1:
        6d:8b:f3:81:cb:9f:4b:74:b0:49:2a:31:e8:37:40:eb:
        1f:d9:97:a3:1a:11:d5:26:a7:6e:0f:ba:d5:be:2c:fd:
        b4:91:64:dc:be:3b:19:50:0d:7a:95:f3:04:13:a9:bb:
        47:0f:8b:5c:d1:ac:c2:7b:77:21:50:dd:5b:ab:ee:f4:
        a6:d8:d4:4a:53:6b:4d:ad:b8:c8:e7:e6:52:58:4d:43:
        4c:c2:a2:23:4f:0e:c0:20:39:af:df:4f:42:5b:1e:d3:
        09:f4:18:09:59:2a:d9:e8:4a:18:bf:32:fb:fa:2d:64:
        8b:87:ca:5b:2b:e8:b8:0b:7e:be:17:12:c7:03:82:29:
        af:58:af:85:84:5d:3d:0a:df:23:51:c3:cd:af:10:bf:
        80:69:77:91:0a:4f:e5:ba:e1:ad:9b:ce:df:33:4e:30:
        3b:e9:8f:66:7f:82:fa:6b:fa:db:a3:c0:73:00:e3:d6:
        12:af:4d:f2:0f:5a:14:51:1f:6d:b8:86:81:62:07:ce:
        5c:72:c2:4f:f3:57:2a:71:d9:d4:97:85:e6:18:53:b7
    Fingerprint (SHA-256):

44:75:53:4D:BB:11:47:14:C6:28:D3:EE:F2:18:11:00:2D:6C:CE:CC:43:28:E4:15:87:73:22:51:E4:24:F8:A6
    Fingerprint (SHA1):
        94:80:7B:1C:78:8D:D2:FC:BE:19:C8:48:1C:E4:1C:FA:B8:A4:C1:7F

Key(shrouded):
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f0:6c:0b:29:47:50:d8:b3
            Iteration Count: 2048 (0x800)

            Name: Certificate Policies
            Data:
                Policy Name: Certificate Policies AnyPolicy

            Name: CRL Distribution Points
            Distribution point:
                URI: "http://crl.usertrust.com/AddTrustExternalCARoot.crl";

            Name: Authority Information Access
            Method: PKIX CA issuers access method
            Location:
                URI: "http://crt.usertrust.com/AddTrustExternalCARoot.p7c";
            Method: PKIX CA issuers access method
            Location:
                URI: "http://crt.usertrust.com/AddTrustUTNSGCCA.crt";
            Method: PKIX Online Certificate Status Protocol
            Location:
                URI: "http://ocsp.usertrust.com";

    Signature Algorithm: PKCS #1 SHA-1 With RSA Encryption
    Signature:
        9c:36:e3:4e:ae:f1:8a:bb:6c:97:8c:8f:4b:67:d0:9f:
        d8:84:aa:9f:21:5f:35:a1:5b:c4:2b:63:0d:e8:bc:77:
        5d:a7:c4:37:fd:4b:2d:9e:e8:1d:69:a1:c0:84:cc:d1:
        6d:8b:f3:81:cb:9f:4b:74:b0:49:2a:31:e8:37:40:eb:
        1f:d9:97:a3:1a:11:d5:26:a7:6e:0f:ba:d5:be:2c:fd:
        b4:91:64:dc:be:3b:19:50:0d:7a:95:f3:04:13:a9:bb:
        47:0f:8b:5c:d1:ac:c2:7b:77:21:50:dd:5b:ab:ee:f4:
        a6:d8:d4:4a:53:6b:4d:ad:b8:c8:e7:e6:52:58:4d:43:
        4c:c2:a2:23:4f:0e:c0:20:39:af:df:4f:42:5b:1e:d3:
        09:f4:18:09:59:2a:d9:e8:4a:18:bf:32:fb:fa:2d:64:
        8b:87:ca:5b:2b:e8:b8:0b:7e:be:17:12:c7:03:82:29:
        af:58:af:85:84:5d:3d:0a:df:23:51:c3:cd:af:10:bf:
        80:69:77:91:0a:4f:e5:ba:e1:ad:9b:ce:df:33:4e:30:
        3b:e9:8f:66:7f:82:fa:6b:fa:db:a3:c0:73:00:e3:d6:
        12:af:4d:f2:0f:5a:14:51:1f:6d:b8:86:81:62:07:ce:
        5c:72:c2:4f:f3:57:2a:71:d9:d4:97:85:e6:18:53:b7
    Fingerprint (SHA-256):

44:75:53:4D:BB:11:47:14:C6:28:D3:EE:F2:18:11:00:2D:6C:CE:CC:43:28:E4:15:87:73:22:51:E4:24:F8:A6
    Fingerprint (SHA1):
        94:80:7B:1C:78:8D:D2:FC:BE:19:C8:48:1C:E4:1C:FA:B8:A4:C1:7F

Key(shrouded):
    Encryption algorithm: PKCS #12 V2 PBE With SHA-1 And 3KEY Triple DES-CBC
        Parameters:
            Salt:
                f0:6c:0b:29:47:50:d8:b3
            Iteration Count: 2048 (0x800)


-- 
Orion Poplawski
Technical Manager                     303-415-9701 x222
NWRA, Boulder/CoRA Office             FAX: 303-415-9702
3380 Mitchell Lane                       or...@nwra.com
Boulder, CO 80301                   http://www.nwra.com

-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project

Reply via email to