Hello All,

I have a crazy notion of storing a host's SSH private keys in an ipa vault,
so that a rebuilt host can use the same keys.

I'm on CentOS 7.2 and I'm using the RPMs available in the standard centos
base repository, so I'm constrained to version 1.0 vaults.  I'm using this

I'm trying the following steps but running into trouble:

ipa service-add ssh/test01.dev.redacted.net

certutil -N -d testcertdb

certutil -R -d testcertdb -a -g 2048 -s 'CN=test01.dev.redacted.net,O=
<paste that csr into the ipa web gui>

ipa-getcert request -r -f testsshd01-cert.pem -k testsshd01-key.pem -K ssh/

ipa vault-add testsshd02 --service ssh/
test01.dev.redacted....@dev.redacted.net --type asymmetric
--public-key-file testsshd01-cert.pem

The last command gives me "ipa: ERROR: invalid 'ipavaultpublickey': Invalid
or unsupported vault public key: Could not unserialize key data."

Is there a preferred way to create a public key for asymmetric encryption
for a service vault?


Anthony Clark
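
A way to see what kind of PEM file is being handed to --public-key-file, and to pull a bare public key out of a certificate with openssl, as an added example that is not part of the original post. It assumes the vault plugin expects a `BEGIN PUBLIC KEY` PEM rather than an X.509 certificate; the self-signed certificate and the file names key.pem, cert.pem and pub.pem are constructed stand-ins.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: --public-key-file wants a bare PEM public key
# ("BEGIN PUBLIC KEY"), not an X.509 certificate.

# Print the label of the first PEM block in file $1, e.g. "CERTIFICATE".
pem_label() {
    sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' "$1" | head -n 1
}

# Write the public key embedded in certificate $1 to $2 as PEM.
cert_to_pubkey() {
    openssl x509 -in "$1" -noout -pubkey > "$2"
}

# Succeed if RSA private key $1 and public key $2 share a modulus,
# i.e. the holder of $1 can decrypt what is encrypted to $2.
same_key() {
    priv=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    pub=$(openssl rsa -pubin -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$priv" ] && [ "$priv" = "$pub" ]
}

# Constructed sample: throwaway self-signed cert + key in directory $1.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj '/CN=host.example.test' \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir" || { rm -rf "$dir"; return 1; }
    echo "cert.pem holds: $(pem_label "$dir/cert.pem")"
    cert_to_pubkey "$dir/cert.pem" "$dir/pub.pem"
    echo "pub.pem holds:  $(pem_label "$dir/pub.pem")"
    if same_key "$dir/key.pem" "$dir/pub.pem"; then
        echo "pub.pem matches key.pem; pub.pem is the file for --public-key-file"
    fi
    rm -rf "$dir"
}
demo
```

The private key that pairs with the extracted public key is what retrieval from an asymmetric vault depends on, so the modulus comparison is worth running before anything is archived.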