ipa-backup includes /root/cacert.p12 and /root/ca-cert.p12 but not the PKCS12 files with the backup of the KRA keys. The file /root/kracert.p12 contains the public and private keys for CN=KRA Transport Certificate, CN=KRA Storage Certificate, CN=CA Subsystem, and CN=KRA Audit. The CA Subsystem key is also in cacert.p12, but the three private keys for KRA transport, storage and audit are not backed up as a PKCS12 file. The backup contains another copy of the KRA private keys as NSSDB /var/lib/pki/pki-tomcat/alias, though.
master:
Metadata Update from @cheimes: - Issue assigned to someone - Issue set to the milestone: FreeIPA 4.5