# head -c20 /dev/random > ~/test_ca/noise.txt
echo $SKID
):
#SKID="0x`openssl rand -hex 20`"
#echo $SKID
0xa30f48abf89afae77e481c712d234ff0e312d44e
#certutil -d ~/test_ca -R -s CN=ipabackup.example.test,O=IPA -o /tmp/replicacert.req -k rsa -g 2048 -z ~/test_ca/noise.txt -f ~/test_ca/password.txt -a --extSKID
Generating key. This may take a few moments...
Adding Subject Key ID extension.
Enter value for the key identifier fields,enter to omit: 0xa30f48abf89afae77e481c712d234ff0e312d44e
Is this a critical extension [y/N]? n
#export CERT_SERIAL=$(($CERT_SERIAL + 1))
#certutil -d ~/test_ca -C -c "CA" -i /tmp/replicacert.req -o /tmp/replicacert.pem -m $CERT_SERIAL -v 120 -f ~/test_ca/password.txt -1 -5 -a
2 - Key encipherment
9 - done
Is this a critical extension [y/N]? n
1 - SSL Server
9 - done
Is this a critical extension [y/N]? n
# certutil -d ~/test_ca -A -i /tmp/replicacert.pem -n Replica-Cert -a -t ,,
Enter Password or Pin for "NSS Certificate DB":
# pk12util -o ~/test_ca/replicacert.p12 -n Replica-Cert -d ~/test_ca -k ~/test_ca/password.txt -w ~/test_ca/password.txt
pk12util: PKCS12 EXPORT SUCCESSFUL
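# ipa-replica-install \
--dirsrv-cert-file ~/test_ca/replicacert.p12 \
--dirsrv-pin SECret.123 \
--http-cert-file ~/test_ca/replicacert.p12 \
--http-pin SECret.123 \
--no-pkinit
(Note: PINs passed with --dirsrv-pin and --http-pin are recorded in shell history and are visible in the process list while the installer runs.)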
…
The ipa-replica-install command was successful