Hi Rob,

Is it possible that ipa-server-certinstall couldn't handle private keys
without a password?

You can file an RFE at https://fedorahosted.org/freeipa/newticket
It seems that ipa-server-certinstall couldn't handle private keys with a password, either. See my result below.

I would test it with a self-signed certificate and a test private key file
secured with a password, but I don't know what happens after entering a
valid private key unlock password. Could I stop the certificate import
process at this point, so no change will happen to my productive ipa
server?

I would not recommend experimenting with random certificates.

It should be possible to add a password to your private key. A quick google found http://security.stackexchange.com/questions/59136/can-i-add-a-password-to-an-existing-private-key
That's a great idea. I have done so and tested again:

openssl rsa -des3 -in private.key -out private_key_with_pw.key

ipa-server-certinstall -w certificate.pem private_key_with_pw.key

After entering the password to unlock the private key I get the message:

Insufficient access:  Invalid credentials

