Lost pass to replica's /root/cacert.p12 - can I re-create it? I have present dir manager pass and primary /root/cacert.p12
11:43 a.m.
Hi.
I have a 2 server IPA setup.
The replica was added a while ago.
Today I tried to extract the cert from the /root/cacert.p12 from the replica server -
however I have no idea what the dir manager password was at the time I created the
replica..
I have the initial dir manager pass for when I setup the primary server and can extract
that fine using
# openssl pkcs12 -in /root/cacert.p12 -clcerts -nokeys -out /tmp/cert.crt
However I do not know the pass for the p12 bundle on the replica.
I have the current directory manager also.
What can I do to extract the p12 bundle on the replica ?
i.e can I re-generate it ? Or does it not matter as I have the primary .p12 pass.
Any advice would be welcomed
Thank you.
12:12 p.m.
New subject: Lost pass to replica's /root/cacert.p12 - can I re-create it? I have present dir manager pass and primary /root/cacert.p12
Morgan Cox via FreeIPA-users wrote:
Hi.
I have a 2 server IPA setup.
The replica was added a while ago.
Today I tried to extract the cert from the /root/cacert.p12 from the replica server -
however I have no idea what the dir manager password was at the time I created the
replica..
I have the initial dir manager pass for when I setup the primary server and can extract
that fine using
# openssl pkcs12 -in /root/cacert.p12 -clcerts -nokeys -out /tmp/cert.crt
However I do not know the pass for the p12 bundle on the replica.
I have the current directory manager also.
What can I do to extract the p12 bundle on the replica ?
i.e can I re-generate it ? Or does it not matter as I have the primary .p12 pass.
The PKCS12Export command can regenerate it.
I'm curious though, what are you intending to do with it?
rob
5:51 a.m.
New subject: Lost pass to replica's /root/cacert.p12 - can I re-create it? I have present dir manager pass and primary /root/cacert.p12
Thank you for the response Rob!
Is there anywhere I can see an example command for PKCS12Export ?
Reason: For PCI compliance, as we are using self signed certs
> Morgan Cox via FreeIPA-users wrote:
>
> The PKCS12Export command can regenerate it.
>
> I'm curious though, what are you intending to do with it?
>
> rob
8:27 a.m.
New subject: Lost pass to replica's /root/cacert.p12 - can I re-create it? I have present dir manager pass and primary /root/cacert.p12
Morgan Cox via FreeIPA-users wrote:
Thank you for the response Rob!
Is there anywhere I can see an example command for PKCS12Export ?
Right, no man page :/
https://access.redhat.com/documentation/en-us/red_hat_certificate_system/...
Reason: For PCI compliance, as we are using self signed certs
Uh, ok? Anyway, just be sure to keep this file safe as it literally
contains the keys to the kingdom.
rob
> Morgan Cox via FreeIPA-users wrote:
>
> The PKCS12Export command can regenerate it.
>
> I'm curious though, what are you intending to do with it?
>
> rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedoraho...
1525
days inactive
1526
days old
freeipa-users@lists.fedorahosted.org
3 comments
2 participants
participants (2)
-
Morgan Cox -
Rob Crittenden