HUANG, TONY via FreeIPA-users wrote:
Hi,
I am trying to achieve user authentication against IdM using the user's certificate. The user certificate is requested from the built-in CA within IdM and signed by it.
I am able to download the user's public cert via the web UI, but how can I download the private key so I can define it in the user's .ldaprc file?
IPA never has access to a user's private key. A key is generated by a user (e.g. openssl genrsa) and a CSR (Certificate Signing Request) using that (openssl req). So the user should already possess the private key.
This is assuming the user used openssl to generate the key. With NSS the private key would be in whatever database was used to create the CSR.
rob
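
The workflow described in the reply above, as an added example that is not part of the original thread: the key and CSR are created on the user's machine with openssl, and a downloaded certificate is matched to a local key by comparing public-key digests. The function names and the file names passed to them are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Function and file names are hypothetical.

# Create a private key (owner-only permissions) and a CSR for it.
# Only the CSR is submitted to the CA; the key stays on this machine.
make_key_and_csr() {
    user="$1"; dir="$2"
    ( umask 077 && openssl genrsa -out "$dir/$user.key" 2048 ) 2>/dev/null || return 1
    openssl req -new -key "$dir/$user.key" -subj "/CN=$user" \
        -out "$dir/$user.csr" 2>/dev/null || return 1
}

# Write the PEM public key contained in a private key, CSR or certificate.
extract_pub() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Print the SHA-256 digest of that public key. Fails on unreadable input
# so that two broken files can never compare as equal.
pub_digest() {
    pem=$(extract_pub "$1" "$2") && [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# key_matches KEYFILE csr|cert FILE
# Succeeds only if FILE carries the public half of KEYFILE.
key_matches() {
    a=$(pub_digest key "$1") || return 1
    b=$(pub_digest "$2" "$3") || return 1
    [ "$a" = "$b" ]
}
```

The key file that matches the downloaded certificate is the one the `TLS_KEY` entry in `~/.ldaprc` should point to, with `TLS_CERT` pointing to the certificate.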