URL: https://github.com/freeipa/freeipa/pull/721 Title: #721: Fix RA cert import during DL0 replication
HonzaCholasta commented: """ `ipa-replica-install` fails for me: ``` [2/2]: importing RA certificate from PKCS #12 file [error] CalledProcessError: Command '/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru' returned non-zero exit status 1 Your system may be partly configured. Run /usr/sbin/ipa-server-install --uninstall to clean up. ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Command '/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru' returned non-zero exit status 1 ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information ``` `ipareplica-install.log` says: ``` 2017-04-19T11:28:53Z DEBUG [2/2]: importing RA certificate from PKCS #12 file 2017-04-19T11:28:53Z DEBUG Starting external process 2017-04-19T11:28:53Z DEBUG args=/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru 2017-04-19T11:28:53Z DEBUG Process finished, return code=1 2017-04-19T11:28:53Z DEBUG stdout= 2017-04-19T11:28:53Z DEBUG stderr=Mac verify error: invalid password? ``` 🤷 """ See the full comment at https://github.com/freeipa/freeipa/pull/721#issuecomment-295230168
-- Manage your subscription for the Freeipa-devel mailing list: https://www.redhat.com/mailman/listinfo/freeipa-devel Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code
