Creating the SSL certs/keys for, for example, Apache can easily be done
by using the FreeIPA Dogtag CA server. With some effort, I put it in an
Ansible playbook which will install Apache and certificates "on demand".
Sometimes a server needs to be re-installed ("cattle servers"); why
bother about backup/restore when a server can be redeployed within
minutes? However, a new certificate needs to be created, it seems, since I
cannot (re)download the private key once created.
Now: is it just impossible to (re)download the private SSL key later
on for re-use?
If not possible: FreeIPA vault (KRA) seems a proper way to store
the private key. Correct?