Andreas Ladanyi wrote:

is it possible that ipa-server-certinstall couldnt handle private keys
without password ?

You can file an RFE at

i would test it with a self-signed certificate and test private key file
secured with password, but i dont know whats happen after entering a
valid private key unlock password. Could i stop the certificate import
process at this point, so no change will happen to my productive ipa
server ?

I would not recommend experimenting with random certificates.

It should be possible to add a password to your private key. A quick google found



i try to replace the self signed certificate from the ipa installation
with this description:

ipa-server-certinstall -w -d mysite.key mysite.crt

The tool ask for the private key unlock passwort. The private key was
generated without passwort. I tried out to press only the enter key, but
it doesnt help. So iam confused. The certificate and keyfile are in PEM

For testing I converted the private key with:

openssl rsa -in -out

because i want to know if openssl ask me for a password, but it doesnt.

My version number is FreeIPA 4.1.


Manage your subscription for the Freeipa-users mailing list:
Go to for more info on the project

Reply via email to