Hi Rob,
Hi,
is it possible that ipa-server-certinstall couldnt handle private keys
without password ?
You can file an RFE at https://fedorahosted.org/freeipa/newticket
It seems that ipa-server-certinstall couldnt handle private keys with
passwort, too. See my result below.
i would test it with a self-signed certificate and test private key file
secured with password, but i dont know whats happen after entering a
valid private key unlock password. Could i stop the certificate import
process at this point, so no change will happen to my productive ipa
server ?
I would not recommend experimenting with random certificates.
It should be possible to add a password to your private key. A quick
google found
http://security.stackexchange.com/questions/59136/can-i-add-a-password-to-an-existing-private-key
Thats a great idea. I have done so and tested again:
openssl rsa -des3 -in private.key -out private_key_with_pw.key
ipa-server-certinstall -w certificate.pem private_key_with_pw.key
After entering the password to unlock private key i get the message:
Insufficient access: Invalid credentials
Andreas
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project
