Morgan Cox via FreeIPA-users wrote:
Hi.
I have a 2 server IPA setup.
The replica was added a while ago.
Today I tried to extract the cert from the /root/cacert.p12 from the replica server -
however I have no idea what the dir manager password was at the time I created the
replica..
I have the initial dir manager pass for when I setup the primary server and can extract
that fine using
# openssl pkcs12 -in /root/cacert.p12 -clcerts -nokeys -out /tmp/cert.crt
However I do not know the pass for the p12 bundle on the replica.
I have the current directory manager also.
What can I do to extract the p12 bundle on the replica ?
i.e can I re-generate it ? Or does it not matter as I have the primary .p12 pass.
The PKCS12Export command can regenerate it.
I'm curious though, what are you intending to do with it?
rob