I am redoing freeipa infrastructure in my homelab because I need RSNv3s for ACME to work.
However, on both Fedora 42 and Alma 10, I get the following error during CA setup. Command used: `ipa-server-install --setup-dns --no-forwarders --random-serial-numbers --ssh-trust-dns --mkhomedir` [20/33]: requesting RA certificate from CA [error] CalledProcessError: CalledProcessError(Command ['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmp_vwkehi7', '-passin', 'file:/tmp/tmp_kb5jcg3', '-nodes'] returned non-zero exit status 1: 'Error outputting keys and certificates\n80F281632D7F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:\n80F281632D7F0000:error:11800074:PKCS12 routines:PKCS12_pbe_crypt_ex:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:84:maybe wrong password\n') CalledProcessError(Command ['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmp_vwkehi7', '-passin', 'file:/tmp/tmp_kb5jcg3', '-nodes'] returned non-zero exit status 1: 'Error outputting keys and certificates\n80F281632D7F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:providers/implementations/ciphers/ciphercommon_block.c:107:\n80F281632D7F0000:error:11800074:PKCS12 routines:PKCS12_pbe_crypt_ex:pkcs12 cipherfinal error:crypto/pkcs12/p12_decr.c:84:maybe wrong password\n') The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information Fedora 42 (freeipa-server package 4.12.2-14.fc42) On alma, OpenSSL is `OpenSSL 3.2.2 4 Jun 2024 (Library: OpenSSL 3.2.2 4 Jun 2024)` The freeipa-server package is ipa-server-4.12.2-15.el10.aarch64.rpm -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
