Learn more about these different git repos.
Other Git URLs
When trying to generate certificates, Certmonger is able to generate a client certificate and an encrypted private key in a separate file but is unable to use it.
Steps to reproduce 1. Create a password to encrypt a private key with and store it in a file 2. Generate a certificate with an encrypted private key in separate files (the key is encrypted with a password from 1.) 3. Try to use the generated certificate and key files along with the password file to request a new certificate from Dogtag
Expected result[[BR]] Successfully receive a new certificate
Actual result:
Error 58 connecting to https://vm-076.abc.idm.lab.eng.brq.redhat.com:8443/ca/ee/ca/profileSubmitSSLClient: Problem with the local SSL certificate.
Metadata Update from @stlaz: - Issue set to the milestone: 0.0 NEEDS_TRIAGE
I can't reproduce this:
# ipa-getcert request -f /etc/pki/tls/certs/test.pem -k /etc/pki/tls/private/test.key -K test/hostname -D hostname -w -v --pin 1234 # head -1 /etc/pki/tls/private/test.key -----BEGIN ENCRYPTED PRIVATE KEY----- # getcert list -f /etc/pki/tls/certs/test.pem | grep expire expires: 2023-02-17 19:29:55 UTC
hostname
Now I resubmit:
# ipa-getcert resubmit -f /etc/pki/tls/certs/test.pem -K test/hostname -D hostname -w -v # head -1 /etc/pki/tls/private/test.key -----BEGIN ENCRYPTED PRIVATE KEY----- # getcert list -f /etc/pki/tls/certs/test.pem | grep expire expires: 2023-02-17 19:31:38 UTC
It re-issued the cert just fine and I didn't need to provide the pin as certmonger knows it.
Metadata Update from @rcritten: - Issue close_status updated to: None
Login to comment on this ticket.