I started reading this page, and the description for --pkinit_pin looked wrong. While in there, I figured it might be useful to note that the PKCS#12 files also contain the private keys.
Nalin
>From 8fe270e43d7790dbd4210be9ff212ce410e3da69 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai <na...@redhat.com> Date: Tue, 4 Oct 2011 18:29:45 -0400 Subject: [PATCH 2/2] - note that PKCS#12 files also contain private keys, and that the "pkinit" options refer to the KDC's credentials --- install/tools/man/ipa-replica-prepare.1 | 9 ++++++--- 1 files changed, 6 insertions(+), 3 deletions(-) diff --git a/install/tools/man/ipa-replica-prepare.1 b/install/tools/man/ipa-replica-prepare.1 index c9cd544..7443483 100644 --- a/install/tools/man/ipa-replica-prepare.1 +++ b/install/tools/man/ipa-replica-prepare.1 @@ -34,10 +34,13 @@ Once the file has been created it will be named replica\-hostname. This file can .SH "OPTIONS" .TP \fB\-\-dirsrv_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Directory Server SSL Certificate +PKCS#12 file containing the Directory Server SSL Certificate and Private Key .TP \fB\-\-http_pkcs12\fR=\fIFILE\fR -PKCS#12 file containing the Apache Server SSL Certificate +PKCS#12 file containing the Apache Server SSL Certificate and Private Key +.TP +\fB\-\-pkinit_pkcs12\fR=\fIFILE\fR +PKCS#12 file containing the Kerberos KDC Certificate and Private Key .TP \fB\-\-dirsrv_pin\fR=\fIDIRSRV_PIN\fR The password of the Directory Server PKCS#12 file @@ -46,7 +49,7 @@ The password of the Directory Server PKCS#12 file The password of the Apache Server PKCS#12 file .TP \fB\-\-pkinit_pin\fR=\fIPKINIT_PIN\fR -The password of the Apache Server PKCS#12 file +The password of the Kerberos KDC PKCS#12 file .TP \fB\-p\fR \fIDM_PASSWORD\fR, \fB\-\-password\fR=\fIDM_PASSWORD\fR Directory Manager (existing master) password -- 1.7.6.4
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel