roy liang via FreeIPA-users wrote:
You may want to broaden your search for just pem.
It's possible this was never available in your release. I don't know if
it can be backported or not.
What this does is lets flat files, which in this case contain the RA
certificate and private key necessary for IPA to authenticate to the CA,
be used by an NSS database by making them appear as a PKCS#11 device.
rob
Like this?What do I need to do next?
# find / -name *.pem*
/usr/local/i386/comm_repos/platform/yy-cacert.pem
/usr/local/i386/comm_repos/platform/yy-cacert-20220212.pem.bak
/usr/lib/python2.7/dist-packages/twisted/test/server.pem
/usr/lib/python2.7/dist-packages/twisted/internet/test/fake_CAs/thing1.pem
/usr/lib/python2.7/dist-packages/twisted/internet/test/fake_CAs/thing2-duplicate.pem
/usr/lib/python2.7/dist-packages/twisted/internet/test/fake_CAs/chain.pem
/usr/lib/python2.7/dist-packages/twisted/internet/test/fake_CAs/thing2.pem
/usr/lib/python2.7/dist-packages/twisted/mail/test/server.pem
/usr/share/gnupg2/sks-keyservers.netCA.pem
/usr/share/doc/libnet-ssleay-perl/examples/server_key.pem
/usr/share/doc/libssl-doc/demos/sign/cert.pem
/usr/share/doc/libssl-doc/demos/sign/key.pem
/usr/share/doc/libssl-doc/demos/smime/cakey.pem
/usr/share/doc/libssl-doc/demos/smime/cacert.pem
/usr/share/doc/libssl-doc/demos/smime/signer2.pem
/usr/share/doc/libssl-doc/demos/smime/signer.pem
/usr/share/doc/libssl-doc/demos/easy_tls/cacerts.pem
/usr/share/doc/libssl-doc/demos/easy_tls/cert.pem
/usr/share/doc/libssl-doc/demos/bio/server.pem
/usr/share/doc/libssl-doc/demos/privkey.pem
/usr/share/doc/libssl-doc/demos/tunala/CA.pem
/usr/share/doc/libssl-doc/demos/tunala/A-client.pem.gz
/usr/share/doc/libssl-doc/demos/tunala/A-server.pem.gz
/usr/share/doc/libssl-doc/demos/cms/cakey.pem
/usr/share/doc/libssl-doc/demos/cms/cacert.pem
/usr/share/doc/libssl-doc/demos/cms/signer2.pem
/usr/share/doc/libssl-doc/demos/cms/signer.pem
/etc/apache2/nssdb/kra-agent.pem
/etc/ssl/certs/SwissSign_Platinum_CA_-_G2.pem
/etc/ssl/certs/COMODO_RSA_Certification_Authority.pem
/etc/ssl/certs/NetLock_Business_=Class_B=_Root.pem
/etc/ssl/certs/E-Tugra_Certification_Authority.pem
/etc/ssl/certs/certSIGN_ROOT_CA.pem
/etc/ssl/certs/NetLock_Qualified_=Class_QA=_Root.pem
/etc/ssl/certs/Security_Communication_Root_CA.pem
/etc/ssl/certs/Swisscom_Root_EV_CA_2.pem
/etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GB_CA.pem
/etc/ssl/certs/AffirmTrust_Premium.pem
/etc/ssl/certs/Global_Chambersign_Root_-_2008.pem
/etc/ssl/certs/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H5.pem
/etc/ssl/certs/Certigna.pem
/etc/ssl/certs/EC-ACC.pem
/etc/ssl/certs/thawte_Primary_Root_CA_-_G2.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/CA_Disig_Root_R2.pem
/etc/ssl/certs/Camerfirma_Chambers_of_Commerce_Root.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_G2.pem
/etc/ssl/certs/Secure_Global_CA.pem
/etc/ssl/certs/Verisign_Class_2_Public_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/Chambers_of_Commerce_Root_-_2008.pem
/etc/ssl/certs/Starfield_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority.pem
/etc/ssl/certs/WoSign.pem
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G5.pem
/etc/ssl/certs/DigiCert_Trusted_Root_G4.pem
/etc/ssl/certs/ApplicationCA_-_Japanese_Government.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_2.pem
/etc/ssl/certs/OISTE_WISeKey_Global_Root_GA_CA.pem
/etc/ssl/certs/SecureTrust_CA.pem
/etc/ssl/certs/Starfield_Services_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/Buypass_Class_2_Root_CA.pem
/etc/ssl/certs/Certinomis_-_Root_CA.pem
/etc/ssl/certs/IGC_A.pem
/etc/ssl/certs/AffirmTrust_Commercial.pem
/etc/ssl/certs/NetLock_Arany_=Class_Gold=_Főtanúsítvány.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_EC1.pem
/etc/ssl/certs/Starfield_Class_2_CA.pem
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_2.pem
/etc/ssl/certs/Security_Communication_RootCA2.pem
/etc/ssl/certs/Hongkong_Post_Root_CA_1.pem
/etc/ssl/certs/Equifax_Secure_CA.pem
/etc/ssl/certs/TeliaSonera_Root_CA_v1.pem
/etc/ssl/certs/CA_WoSign_ECC_Root.pem
/etc/ssl/certs/QuoVadis_Root_CA.pem
/etc/ssl/certs/CNNIC_ROOT.pem
/etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_2009.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_G3.pem
/etc/ssl/certs/Microsec_e-Szigno_Root_CA.pem
/etc/ssl/certs/D-TRUST_Root_Class_3_CA_2_EV_2009.pem
/etc/ssl/certs/TURKTRUST_Certificate_Services_Provider_Root_2007.pem
/etc/ssl/certs/Security_Communication_EV_RootCA1.pem
/etc/ssl/certs/TÜRKTRUST_Elektronik_Sertifika_Hizmet_Sağlayıcısı_H6.pem
/etc/ssl/certs/Comodo_Secure_Services_root.pem
/etc/ssl/certs/RSA_Security_2048_v3.pem
/etc/ssl/certs/StartCom_Certification_Authority_2.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G3.pem
/etc/ssl/certs/QuoVadis_Root_CA_3_G3.pem
/etc/ssl/certs/Actalis_Authentication_Root_CA.pem
/etc/ssl/certs/EE_Certification_Centre_Root_CA.pem
/etc/ssl/certs/EBG_Elektronik_Sertifika_Hizmet_Sağlayıcısı.pem
/etc/ssl/certs/SwissSign_Gold_CA_-_G2.pem
/etc/ssl/certs/USERTrust_ECC_Certification_Authority.pem
/etc/ssl/certs/GeoTrust_Global_CA.pem
/etc/ssl/certs/T-TeleSec_GlobalRoot_Class_3.pem
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R5.pem
/etc/ssl/certs/COMODO_ECC_Certification_Authority.pem
/etc/ssl/certs/IdenTrust_Public_Sector_Root_CA_1.pem
/etc/ssl/certs/Baltimore_CyberTrust_Root.pem
/etc/ssl/certs/TÜBİTAK_UEKAE_Kök_Sertifika_Hizmet_Sağlayıcısı_-_Sürüm_3.pem
/etc/ssl/certs/Taiwan_GRCA.pem
/etc/ssl/certs/Network_Solutions_Certificate_Authority.pem
/etc/ssl/certs/TWCA_Root_Certification_Authority.pem
/etc/ssl/certs/Izenpe.com.pem
/etc/ssl/certs/Buypass_Class_2_CA_1.pem
/etc/ssl/certs/Entrust.net_Premium_2048_Secure_Server_CA.pem
/etc/ssl/certs/StartCom_Certification_Authority_G2.pem
/etc/ssl/certs/Buypass_Class_3_Root_CA.pem
/etc/ssl/certs/NetLock_Express_=Class_C=_Root.pem
/etc/ssl/certs/Trustis_FPS_Root_CA.pem
/etc/ssl/certs/thawte_Primary_Root_CA.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/TC_TrustCenter_Class_3_CA_II.pem
/etc/ssl/certs/Certplus_Class_2_Primary_CA.pem
/etc/ssl/certs/Autoridad_de_Certificacion_Firmaprofesional_CIF_A62634068.pem
/etc/ssl/certs/IdenTrust_Commercial_Root_CA_1.pem
/etc/ssl/certs/AffirmTrust_Networking.pem
/etc/ssl/certs/CA_Disig.pem
/etc/ssl/certs/VeriSign_Universal_Root_Certification_Authority.pem
/etc/ssl/certs/QuoVadis_Root_CA_2.pem
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority.pem
/etc/ssl/certs/DigiCert_Assured_ID_Root_CA.pem
/etc/ssl/certs/Atos_TrustedRoot_2011.pem
/etc/ssl/certs/Comodo_Trusted_Services_root.pem
/etc/ssl/certs/VeriSign_Class_3_Public_Primary_Certification_Authority_-_G4.pem
/etc/ssl/certs/Camerfirma_Global_Chambersign_Root.pem
/etc/ssl/certs/ACEDICOM_Root.pem
/etc/ssl/certs/GeoTrust_Universal_CA_2.pem
/etc/ssl/certs/S-TRUST_Authentication_and_Encryption_Root_CA_2005_PN.pem
/etc/ssl/certs/Cybertrust_Global_Root.pem
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G3.pem
/etc/ssl/certs/S-TRUST_Universal_Root_CA.pem
/etc/ssl/certs/ePKI_Root_Certification_Authority.pem
/etc/ssl/certs/Certification_Authority_of_WoSign_G2.pem
/etc/ssl/certs/Comodo_AAA_Services_root.pem
/etc/ssl/certs/Certum_Root_CA.pem
/etc/ssl/certs/UTN_USERFirst_Email_Root_CA.pem
/etc/ssl/certs/DST_Root_CA_X3.pem
/etc/ssl/certs/Juur-SK.pem
/etc/ssl/certs/SecureSign_RootCA11.pem
/etc/ssl/certs/AddTrust_Low-Value_Services_Root.pem
/etc/ssl/certs/GlobalSign_ECC_Root_CA_-_R4.pem
/etc/ssl/certs/UTN_USERFirst_Hardware_Root_CA.pem
/etc/ssl/certs/AddTrust_Qualified_Certificates_Root.pem
/etc/ssl/certs/DigiCert_Global_Root_CA.pem
/etc/ssl/certs/Certinomis_-_Autorité_Racine.pem
/etc/ssl/certs/DigiCert_High_Assurance_EV_Root_CA.pem
/etc/ssl/certs/WellsSecure_Public_Root_Certificate_Authority.pem
/etc/ssl/certs/Verisign_Class_3_Public_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/Certum_Trusted_Network_CA.pem
/etc/ssl/certs/WoSign_China.pem
/etc/ssl/certs/QuoVadis_Root_CA_3.pem
/etc/ssl/certs/COMODO_Certification_Authority.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority_-_G2.pem
/etc/ssl/certs/Swisscom_Root_CA_1.pem
/etc/ssl/certs/GeoTrust_Universal_CA.pem
/etc/ssl/certs/Equifax_Secure_eBusiness_CA_1.pem
/etc/ssl/certs/GlobalSign_Root_CA.pem
/etc/ssl/certs/Equifax_Secure_Global_eBusiness_CA.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA_-_G2.pem
/etc/ssl/certs/NetLock_Notary_=Class_A=_Root.pem
/etc/ssl/certs/Go_Daddy_Class_2_CA.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R2.pem
/etc/ssl/certs/GeoTrust_Primary_Certification_Authority.pem
/etc/ssl/certs/GeoTrust_Global_CA_2.pem
/etc/ssl/certs/CFCA_EV_ROOT.pem
/etc/ssl/certs/Staat_der_Nederlanden_Root_CA.pem
/etc/ssl/certs/Visa_eCommerce_Root.pem
/etc/ssl/certs/StartCom_Certification_Authority.pem
/etc/ssl/certs/AddTrust_Public_Services_Root.pem
/etc/ssl/certs/DST_ACES_CA_X6.pem
/etc/ssl/certs/SwissSign_Silver_CA_-_G2.pem
/etc/ssl/certs/QuoVadis_Root_CA_2_G3.pem
/etc/ssl/certs/thawte_Primary_Root_CA_-_G3.pem
/etc/ssl/certs/ipa-ca.pem
/etc/ssl/certs/Go_Daddy_Root_Certificate_Authority_-_G2.pem
/etc/ssl/certs/DigiCert_Global_Root_G2.pem
/etc/ssl/certs/Microsec_e-Szigno_Root_CA_2009.pem
/etc/ssl/certs/TWCA_Global_Root_CA.pem
/etc/ssl/certs/AC_Raíz_Certicámara_S.A..pem
/etc/ssl/certs/Deutsche_Telekom_Root_CA_2.pem
/etc/ssl/certs/Swisscom_Root_CA_2.pem
/etc/ssl/certs/ACCVRAIZ1.pem
/etc/ssl/certs/AffirmTrust_Premium_ECC.pem
/etc/ssl/certs/USERTrust_RSA_Certification_Authority.pem
/etc/ssl/certs/GlobalSign_Root_CA_-_R3.pem
/etc/ssl/certs/Sonera_Class_1_Root_CA.pem
/etc/ssl/certs/CA_Disig_Root_R1.pem
/etc/ssl/certs/Verisign_Class_1_Public_Primary_Certification_Authority_-_G2.pem
/etc/ssl/certs/Staat_der_Nederlanden_EV_Root_CA.pem
/etc/ssl/certs/Hellenic_Academic_and_Research_Institutions_RootCA_2011.pem
/etc/ssl/certs/China_Internet_Network_Information_Center_EV_Certificates_Root.pem
/etc/ssl/certs/AddTrust_External_Root.pem
/etc/ssl/certs/PSCProcert.pem
/etc/ssl/certs/Sonera_Class_2_Root_CA.pem
/etc/ssl/certs/DigiCert_Global_Root_G3.pem
/etc/ssl/certs/Root_CA_Generalitat_Valenciana.pem
/etc/ssl/certs/QuoVadis_Root_CA_1_G3.pem
/etc/ssl/certs/XRamp_Global_CA_Root.pem
/etc/ssl/certs/ComSign_CA.pem
/etc/ssl/certs/Entrust_Root_Certification_Authority.pem
/etc/ssl/yy-cacert.pem