Hi folks,
I have one IPA server in production for my small environment. There I set
Let’s Encrypt CA root and issue .p12 cert without problem.
Now, I want to install FreeIPA on VPS, but I have problem with Let’s
encrypt SSL. I can’t import SSL.
First, I imported CA certficates:
ipa-cacert-manage -n DSTRootCAX3 -t C,, install DTSRootCAX3.pem
ipa-cacert-manage -n LetsEncryptX3 -t C,, install ca.cer
ipa-certupdate -v
That’s all ok.
But than, I generate new p12
with command:
openssl pkcs12 -export -in cert.pem -inkey privkey.pem -out ipa.p12
-certfile fullchain.pem
Than, ask me for pass and that all is ok.
When I run:
ipa-server-certinstall -w ipa.p12 -v
ask me for Directory pass and pass which I enter in step above,
than I get error:
ipalib.backend: DEBUG: Created connection context.ldap2_140380174158736
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/certutil', '-d',
'/tmp/tmpauWQ5Z', '-N', '-f', '/tmp/tmpauWQ5Z/pwdfile.txt', '-@',
'/tmp/tmpauWQ5Z/pwdfile.txt']
ipapython.ipautil: DEBUG: Process finished, return code=0
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=
ipapython.ipautil: DEBUG: Starting external process
ipapython.ipautil: DEBUG: args=['/usr/bin/pk12util', '-d',
'dbm:/tmp/tmpauWQ5Z', '-i', 'ipa.p12', '-k', '/tmp/tmpauWQ5Z/pwdfile.txt',
'-v', '-w', '/tmp/tmp66gfLt']
ipapython.ipautil: DEBUG: Process finished, return code=10
ipapython.ipautil: DEBUG: stdout=
ipapython.ipautil: DEBUG: stderr=pk12util: File Open failed: ipa.p12:
PR_FILE_NOT_FOUND_ERROR: File not found
ipapython.admintool: DEBUG: File
"/usr/lib/python2.7/dist-packages/ipapython/admintool.py", line 174, in
execute
return_value = self.run()
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
line 116, in run
self.replace_http_cert()
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
line 156, in replace_http_cert
host_name=api.env.host
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/ipa_server_certinstall.py",
line 201, in load_pkcs12
**kwargs)
File
"/usr/lib/python2.7/dist-packages/ipaserver/install/installutils.py", line
1151, in load_pkcs12
raise ScriptError(str(e))
ipapython.admintool: DEBUG: The ipa-server-certinstall command failed,
exception: ScriptError: Failed to load ipa.p12
ipapython.admintool: ERROR: Failed to load ipa.p12
ipapython.admintool: ERROR: The ipa-server-certinstall command failed.
Some ideas ?
*—*
*Petar Kozić*
System Administrator
*mobile: *+381 6 <callto:+381%2060%2006%2088%20008>4 83 44 310
*e-mail:* petar.kozic(a)mint.rs
Mint Services | Jove Ilića 140 | 11000 Beograd | Srbija