Andrew Meyer via FreeIPA-users wrote: > Hello, > I am trying to find the correct way to get the FreeIPA SSL certificate in pem > format. > > So far I have the following commands: > > kinit $USER_WITH_ADMIN_PRIVS > ipa ca-show > ipa ca-show --certificate-out=/etc/pki/tls/private/server.key > > I don't think this is right. I need this to get the private key for FreeIPA > for setting up Duo 2FA.
You can't retrieve private keys over the IPA API and that's a good thing. I assume you're following some instructions? Can you share them? It's hard to write generic instructions and I doubt that what they are telling you is right for IPA (and for many CA's). rob _______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
