(Hopefully Thunderbird will only send one copy of this. Sorry about the
previous duplicate.)
I run a single FreeIPA server (on CentOS 7) in my home network, and I'm
thinking of migrating it to Fedora. AFAICT, doing this as an actual
upgrade will require multiple cycles of creating a newer FreeIPA server,
adding it as a replica, removing the older server, lather, rinse,
repeat.
I'm only using FreeIPA for its DNS, certificate authority, and LDAP
authentication capabilities, and my home network isn't that large, so
I'm considering simply installing a new server and re-creating the
various users, hosts, services, and DNS zones/entries. (I don't have
any systems that are truly managed with FreeIPA.)
Thus, it would be nice if the new FreeIPA server could use the same
root CA certificate as the existing one. I believe that I can do this
by passing the --external-cert-file option to ipa-server-install, but
I need both the certificate and the private key of the root CA to do so.
Thus, I'm wondering how I can extract the root CA private key from my
existing CentOS 7 (FreeIPA 4.6.8) server.
Thanks!
--
========================================================================
Google Where SkyNet meets Idiocracy
========================================================================