Topic: Question on CA and the Password on a .p12 file it generates

smtryan

Question on CA and the Password on a .p12 file it generates
« on: March 26, 2024, 01:44:05 pm »
Good Morning,
I have only just discovered Zentyal and am looking to implement it into my environment as a CA; possibly more, but starting there for now. I have the CA set up from what I can tell, and I have imported my Root CA Cert into AD.

What I am looking to do is get Meraki talking to AD. I created the cert for my DC dc.domain.local and have all the pieces it needs. I downloaded the .zip file. Inside is the .cer, the .p12 and then the two .pem files.

I imported the .cer just fine.  When I go to import the private key it is asking for a password.  I have no password and blank simply states that it is incorrect. 

My question is...  what is the password that it creates for the .p12 file?  Is there a way to specify these?  There are only what 3 fields to fill out when creating so I'm not entirely sure.

smtryan

Re: Question on CA and the Password on a .p12 file it generates
« Reply #1 on: Today at 12:42:31 pm »
This makes me sad that I am only now discovering Zentyal as it seems dead here.

I figured I would update my post myself. I am not sure, but I imagine that Zentyal is not providing a password to the .p12; however, in Windows Server 2016, which I am running, it looks like the .p12 file needs to be generated in a particular way in order for it to be imported.

I was able, via command line using openssh to get a .pfx (same as .p12) to create and prompt for a password that I did later import into my server:

Code:
openssl pkcs12 -export -certpbe PBE-SHA1-3DES -keypbe PBE-SHA1-3DES -nomac -inkey keyname.key -in certname.crt -out outpackage.pfx

I did not try to go back and run the command and export as a .p12; however, it SHOULD work. I think there is something with what it does, and Windows would not take any password on any that I created until I used all the switches above. So it could possibly be that there is no password; however, the encoding or whatever just isn't happy.

The one I created is not as robust as the one that I created from Zentyal and did not work for my use case.  It may not be a fault of the cert and may have something to do with my domain now.  I'm working it that route.