Open lakici opened 2 years ago
Hello guys,
I had an issues with the renew certificate script renew-le.sh, step that generates csr always asks me for password:
OPENSSL_PASSWD_FILE="/var/lib/ipa/passwds/$HOSTNAME-443-RSA" [ -f "$OPENSSL_PASSWD_FILE" ] && OPENSSL_EXTRA_ARGS="-passout file:$OPENSSL_PASSWD_FILE" || OPENSSL_EXTRA_ARGS="" openssl req -new -sha256 -config "$WORKDIR/ipa-httpd.cnf" -key /var/lib/ipa/private/httpd.key -out "$WORKDIR/httpd-csr.der" $OPENSSL_EXTRA_ARGS
I managed to fix the issue by updating OPENSSL_EXTRA_ARGS from -passout to -passin:
OPENSSL_PASSWD_FILE="/var/lib/ipa/passwds/$HOSTNAME-443-RSA" [ -f "$OPENSSL_PASSWD_FILE" ] && OPENSSL_EXTRA_ARGS="-passin file:$OPENSSL_PASSWD_FILE" || OPENSSL_EXTRA_ARGS="" openssl req -new -sha256 -config "$WORKDIR/ipa-httpd.cnf" -key /var/lib/ipa/private/httpd.key -out "$WORKDIR/httpd-csr.der" $OPENSSL_EXTRA_ARGS
Can confirm changing "passout" to "passin" works as expected
confirmed on centos 8
Hello guys,
I had an issues with the renew certificate script renew-le.sh, step that generates csr always asks me for password:
I managed to fix the issue by updating OPENSSL_EXTRA_ARGS from -passout to -passin: