Andrew Meyer via FreeIPA-users wrote:
This is what I have been following:
https://github.com/gudmmk/howtos/blob/master/duo_authproxy-with-freeipa.md
https://duo.com/docs/authproxy-reference
https://help.duo.com/s/article/2209?language=en_US
https://community.duo.com/t/directory-sync-with-idm/2171/19
Here is the error output.
[error] The Auth Proxy was not able to create an SSL context with the given certificate and private key. It will be unable to use these credentials to create and maintain SSL-based connections such as LDAPS.
[error] The Auth Proxy was not able to validate the SSL private key at /opt/duoauthproxy/conf/duoauth-starttls.key. Ensure that it is a readable, valid SSL key file using a tool like 'openssl rsa'.
[debug] Exception: [('PEM routines', 'PEM_read_bio', 'no start line')]
[info] The Auth Proxy was able to validate the SSL certificate data at /etc/ipa/ca.crt.
[warn] The Auth Proxy did not run the SSL context creation check because of the problem(s) with the SSL key and cert check. Resolve that issue and rerun the tester.
[warn] The Auth Proxy did not run the listen check because of the problem(s) with the ssl configuration check. Resolve that issue and rerun the tester.
[info] -----------------------------
[info] SUMMARY
Thanks for your help!

You need a server certificate for the duo auth proxy service. I'm not in
the office right now but you can refer to the IdM documentation on
docs.redhat.com to see how to generate a server certificate for this
service.
rob
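
Added example, not part of the original thread and not Duo or FreeIPA code: the 'no start line' exception in the tester output means OpenSSL found no `-----BEGIN ...-----` line in the key file. This stdlib-only Python check classifies the bytes of a would-be key file by PEM framing only (it does not parse the key itself); `classify_key_file` and `sample` are hypothetical names and the sample blocks are constructed filler.

```python
import base64
import re

# PEM labels that hold a private key (PKCS#8, legacy RSA, legacy EC).
KEY_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY",
              "ENCRYPTED PRIVATE KEY"}
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)


def classify_key_file(data: bytes) -> str:
    """Diagnose the raw bytes of a file that is meant to be a PEM private key."""
    if not data.strip():
        return "empty file"
    blocks = PEM_BLOCK.findall(data)
    if not blocks:
        if b"-----BEGIN " in data:
            return "truncated or malformed PEM block"
        if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: binary DER, not PEM
            return "no PEM start line: looks like DER, convert it to PEM"
        return "no PEM start line: not a PEM file"
    found = [(label.decode(), body) for label, body in blocks]
    keys = [(label, body) for label, body in found if label in KEY_LABELS]
    if not keys:
        # Typical mix-up: a certificate (or CA bundle) saved as the key file.
        names = ", ".join(label for label, _ in found)
        return "PEM file without a private key (found: %s)" % names
    label, body = keys[0]
    if label == "ENCRYPTED PRIVATE KEY" or b"Proc-Type: 4,ENCRYPTED" in body:
        return "encrypted private key: needs a passphrase"
    try:
        base64.b64decode(b"".join(body.split()), validate=True)
    except ValueError:
        return "corrupt base64 in %s block" % label
    return "ok: " + label


def sample(label: str) -> bytes:
    """Build a constructed PEM block; the payload is filler, not key material."""
    body = base64.encodebytes(b"constructed filler bytes, not a key")
    tag = label.encode()
    return b"-----BEGIN %s-----\n%s-----END %s-----\n" % (tag, body, tag)


if __name__ == "__main__":
    cases = {"empty": b"", "DER": b"\x30\x82\x01\x00", "cert": sample("CERTIFICATE"),
             "key": sample("PRIVATE KEY")}
    for name, data in cases.items():
        print(name, "->", classify_key_file(data))
```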