Sean McLennan via FreeIPA-users wrote:
Thanks for replying.
The missing certs are the real problem. You can look in /root/cacerts.p12 to see if the private keys exist there. The password is the Directory Manager password.
# pk12util -l /root/cacert.p12 |grep Friend
The names will appear twice, one for the private key and one for the public cert.
This is what I get:

pk12util: PKCS12 decode not verified: SEC_ERROR_PKCS12_INVALID_MAC: Unable to import. Invalid MAC. Incorrect password or corrupt file.
Friendly Name: caSigningCert cert-pki-ca
Friendly Name: ocspSigningCert cert-pki-ca
Friendly Name: subsystemCert cert-pki-ca
Friendly Name: auditSigningCert cert-pki-ca
Friendly Name: caSigningCert cert-pki-ca
Friendly Name: ocspSigningCert cert-pki-ca
Friendly Name: subsystemCert cert-pki-ca
Friendly Name: auditSigningCert cert-pki-ca
Friendly Name: Server-Cert cert-pki-ca
OK, you probably have all you need, but the error message means the password is wrong. Without the password you're still stuck.
rob
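
The check discussed in this thread, as an added example that is not part of the original messages or of FreeIPA's tooling: a shell filter that tallies the Friendly Name lines from `pk12util -l` and flags the Invalid MAC error. The function names are hypothetical, and the sample listing is constructed from the output quoted above.

```shell
#!/bin/sh
# Summarize `pk12util -l` output read from stdin.
# Line 1: mac=INVALID if SEC_ERROR_PKCS12_INVALID_MAC was seen, else mac=ok.
# Then one tab-separated line per nickname: name, count, status.
# status "pair" = listed twice (the thread expects one entry for the
# private key and one for the public cert); "check" = any other count.
summarize_p12_listing() {
    awk '
        /SEC_ERROR_PKCS12_INVALID_MAC/ { bad_mac = 1 }
        /Friendly Name:/ {
            name = $0
            sub(/^.*Friendly Name:[ \t]*/, "", name)
            sub(/[ \t]+$/, "", name)
            if (!(name in count)) order[++n] = name   # keep first-seen order
            count[name]++
        }
        END {
            print "mac=" (bad_mac ? "INVALID" : "ok")
            for (i = 1; i <= n; i++) {
                status = (count[order[i]] == 2) ? "pair" : "check"
                printf "%s\t%d\t%s\n", order[i], count[order[i]], status
            }
        }
    '
}

# Constructed sample input, copied from the listing quoted in the thread.
sample_listing() {
    cat <<'EOF'
pk12util: PKCS12 decode not verified: SEC_ERROR_PKCS12_INVALID_MAC: Unable to import. Invalid MAC. Incorrect password or corrupt file.
Friendly Name: caSigningCert cert-pki-ca
Friendly Name: ocspSigningCert cert-pki-ca
Friendly Name: subsystemCert cert-pki-ca
Friendly Name: auditSigningCert cert-pki-ca
Friendly Name: caSigningCert cert-pki-ca
Friendly Name: ocspSigningCert cert-pki-ca
Friendly Name: subsystemCert cert-pki-ca
Friendly Name: auditSigningCert cert-pki-ca
Friendly Name: Server-Cert cert-pki-ca
EOF
}

# Against the real file (path from the thread; 2>&1 so the error line is seen):
#   pk12util -l /root/cacert.p12 2>&1 | summarize_p12_listing
sample_listing | summarize_p12_listing
```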