On 01/06/2014 12:25 PM, James Scollard wrote: > I have it now. The --dirsrv_pkcs12 option seems to like pkcs7 > formatted certificates, but the person who issued it did not set a > password, so FreeIPA will not let me install it to know if it works > for sure. I am having the certificate reissued again with a password > in pkcs12 format and all should be well with the world again. > > Thanks for your help and guidance on this. Your level of support is > better than I could have expected.
This is not support ;-) We are just a friendly community of developers taking pride in what we do and making sure it works for people who want to use the software we create. Thanks Dmitri > > On 1/6/14 11:01 AM, Rob Crittenden wrote: >> James Scollard wrote: >>> That makes absolute perfect sense. Thanks for the clarification. >>> Unfortunately I have an new issue now. Globalsign has issued me a >>> pkcs7 >>> certificate. FreeIPA does not recognize the format: >>> >>> [root@ldapm6x00 ~]# ipa-server-install >>> --dirsrv_pkcs7=/root/ldapm6x00.sun.weather.com.pkcs7 >>> --http_pkcs7=/root/ldapm6x00.sun.weather.com.pkcs7 >>> --root-ca-file=/root/STAR_CA-2048.crt >>> Usage: ipa-server-install [options] >>> >>> ipa-server-install: error: no such option: --dirsrv_pkcs7 >>> >>> I need to convert it to pkcs12 using the converter here (awesome free >>> tool): >>> >>> https://www.sslshopper.com/ssl-converter.html >>> >>> I need the server's private key file to convert from pkcs7 to pkcs12, >>> but cant find it anywhere. Is there a command to export it or does it >>> live in /var/lib or /etc somewhere? >> >> The private exists wherever you generated the CSR. If you used >> openssl then it would be in a flat file somewhere. If you used NSS >> then it would be in that database. >> >> rob > -- Thank you, Dmitri Pal Sr. Engineering Manager for IdM portfolio Red Hat Inc. ------------------------------- Looking to carve out IT costs? www.redhat.com/carveoutcosts/ _______________________________________________ Freeipa-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-users
