On 12/23/19 4:52 PM, Petar Kozić via FreeIPA-users wrote:
Hi folks,
I have one IPA server in production for my small environment. There I
set Let’s Encrypt CA root and issue .p12 cert without problem.
Now, I want to install FreeIPA on VPS, but I have problem with Let’s
encrypt SSL. I can’t import SSL.
First, I imported CA certficates:
ipa-cacert-manage -n DSTRootCAX3 -t C,, install DTSRootCAX3.pem
ipa-cacert-manage -n LetsEncryptX3 -t C,, install ca.cer
ipa-certupdate -v
That’s all ok.
But than, I generate new p12
with command:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out ipa.p12
-certfile fullchain.pem
Than, ask me for pass and that all is ok.
When I run:
ipa-server-certinstall -w ipa.p12 -v
ask me for Directory pass and pass which I enter in step above,
than I get error:
ipalib.backend: DEBUG: Created connection context.ldap2_140380174158736
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'/tmp/tmpauWQ5Z', '-N', '-f',
'/tmp/tmpauWQ5Z/pwdfile.txt', '-@',
'/tmp/tmpauWQ5Z/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/pk12util', '-d',
'dbm:/tmp/tmpauWQ5Z', '-i', 'ipa.p12', '-k',
'/tmp/tmpauWQ5Z/pwdfile.txt', '-v', '-w',
'/tmp/tmp66gfLt']
ipapython.ipautil: DEBUG: Process finished, return code=10
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=pk12util: File Open failed: ipa.p12:
PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.admintool: DEBUG: File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in
execute
return_value = self.run()
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
line 116, in run
self.replace_http_cert()
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
line 156, in replace_http_cert
host_name=api.env.host
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
line 201, in load_pkcs12
**kwargs)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py",
line 1151, in load_pkcs12
raise ScriptError(str(e))
ipapython.admintool: DEBUG: The ipa-server-certinstall command failed,
exception: ScriptError: Failed to load ipa.p12
ipapython.admintool: ERROR: Failed to load ipa.p12
ipapython.admintool: ERROR: The ipa-server-certinstall command failed.
Some ideas ?
Hi,
Did you try to provide the full path to ipa.p12? Check the file permissions?
flo
*—*
*
*
*Petar Kozić*
System Administrator
*mobile: *+381 6 <callto:+381%2060%2006%2088%20008>4 83 44 310*
*
*e-mail:* petar.kozic(a)mint.rs <mailto:petar.kozic@mint.rs>
Mint Services | Jove Ilića 140 | 11000 Beograd | Srbija
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...