URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication

HonzaCholasta commented:
"""
`ipa-replica-install` fails for me:
```
[2/2]: importing RA certificate from PKCS #12 file
[error] CalledProcessError: Command '/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru' returned non-zero exit status 1
Your system may be partly configured.
Run /usr/sbin/ipa-server-install --uninstall to clean up.

ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR Command '/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru' returned non-zero exit status 1
ipa.ipapython.install.cli.install_tool(CompatServerReplicaInstall): ERROR The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
```
`ipareplica-install.log` says:
```
2017-04-19T11:28:53Z DEBUG [2/2]: importing RA certificate from PKCS #12 file
2017-04-19T11:28:53Z DEBUG Starting external process
2017-04-19T11:28:53Z DEBUG args=/usr/bin/openssl pkcs12 -in /tmp/tmpPLwmXjipa/realm_info/ra.p12 -nocerts -nodes -out /var/lib/ipa/ra-agent.key -passin file:/tmp/tmpuzigru
2017-04-19T11:28:53Z DEBUG Process finished, return code=1
2017-04-19T11:28:53Z DEBUG stdout=
2017-04-19T11:28:53Z DEBUG stderr=Mac verify error: invalid password?
```
🀷‍
"""

See the full comment at https://github.com/freeipa/freeipa/pull/721#issuecomment-295230168

URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication

HonzaCholasta commented:
"""
... because you need to apply the same fix to `ReplicaPrepare.export_ra_pkcs12` as well.
"""

See the full comment at https://github.com/freeipa/freeipa/pull/721#issuecomment-295231831

URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication

stlaz commented:
"""
Silly me 🙄
"""

See the full comment at https://github.com/freeipa/freeipa/pull/721#issuecomment-295238665

URL: https://github.com/freeipa/freeipa/pull/721
Author: stlaz
Title: #721: Fix RA cert import during DL0 replication
Action: synchronized

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/721/head:pr721
git checkout pr721

URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication

Label: +ack

URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication

HonzaCholasta commented:
"""
master:

* 6f0a622d83ee22ce712a380d1701cb1f383689e4 Fix RA cert import during DL0 replication


ipa-4-5:

* 3f70baf2a4811e3eee341aee6da99dfa80c092e6 Fix RA cert import during DL0 replication


"""

See the full comment at https://github.com/freeipa/freeipa/pull/721#issuecomment-295253863

URL: https://github.com/freeipa/freeipa/pull/721
Title: #721: Fix RA cert import during DL0 replication

Label: +pushed

URL: https://github.com/freeipa/freeipa/pull/721
Author: stlaz
Title: #721: Fix RA cert import during DL0 replication
Action: closed

To pull the PR as Git branch:
git remote add ghfreeipa https://github.com/freeipa/freeipa
git fetch ghfreeipa pull/721/head:pr721
git checkout pr721