Debug Certificates in privacyIDEA

CA CLI setup:

mkdir /etc/privacyidea/CA
cp /opt/privacyidea/lib/python2.7/site-packages/tests/testdata/ca/openssl.cnf /etc/privacyidea/CA/
openssl req -days 3650 -new -x509 -keyout /etc/privacyidea/CA/ca.key \
            -out /etc/privacyidea/CA/ca.crt \
            -config /etc/privacyidea/CA/openssl.cnf
chmod 0600 /etc/privacyidea/CA/ca.key
touch /etc/privacyidea/CA/index.txt
echo 01 > /etc/privacyidea/CA/serial
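# Strip the passphrase from the CA key (the result is an unencrypted private key)
openssl rsa -in /etc/privacyidea/CA/ca.key -out /etc/privacyidea/CA/ca-nopw.key
mv /etc/privacyidea/CA/ca-nopw.key /etc/privacyidea/CA/ca.key
chmod 0600 /etc/privacyidea/CA/ca.key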
chown -R privacyidea /etc/privacyidea/CA

 

CA Setup:

[Screenshot from 2016-07-13 20-10-39]

Enroll token for the user:

[Screenshot from 2016-07-13 20-11-22]

Choose the user and set the PIN (should be import pw?):

[Screenshot from 2016-07-13 20-11-50]

Finally able to download pkcs12:

[Screenshot from 2016-07-13 20-12-59]

 

I can download the PKCS and import it with a double-click without entering the value in the "PIN" field.

Also, reviewing the file, there’s no root CA included with the PKCS12 container.
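
One way to confirm both observations from the command line, as an added example that is not part of the original post: p12_check reports whether a PKCS#12 file opens with an empty import password and how many CA certificates it carries. The helper names, the file names and the throwaway CA and user created by make_samples are constructed for illustration.

```shell
#!/bin/sh
# Added example: inspect a PKCS#12 container for the two findings above.
# Usage: p12_check FILE [IMPORT_PASSWORD]
# Prints: empty_password=<yes|no> ca_certs=<count>
p12_check() {
    file=$1 pin=$2
    # If the container opens with an empty password, it is effectively unprotected.
    if openssl pkcs12 -in "$file" -passin pass: -nokeys >/dev/null 2>&1; then
        empty=yes; pin=
    else
        empty=no
    fi
    # -cacerts outputs only certificates that do not belong to the private key.
    # With a wrong or missing password nothing is output and the count is 0.
    n=$(openssl pkcs12 -in "$file" -passin "pass:$pin" -nokeys -cacerts 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true)
    echo "empty_password=$empty ca_certs=$n"
}

# Build constructed test material: a throwaway CA, a user cert, two containers.
make_samples() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=constructed-user" \
        -keyout "$d/user.key" -out "$d/user.csr" 2>/dev/null
    openssl x509 -req -in "$d/user.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/user.crt" 2>/dev/null
    # Mirrors what was observed: no import password, no CA certificate.
    openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.crt" \
        -passout pass: -out "$d/observed.p12"
    # For comparison: import password set, issuing CA included.
    openssl pkcs12 -export -inkey "$d/user.key" -in "$d/user.crt" \
        -certfile "$d/ca.crt" -passout pass:constructed-pin \
        -out "$d/expected.p12"
}

tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_samples "$tmp"
p12_check "$tmp/observed.p12"
p12_check "$tmp/expected.p12" constructed-pin
```

To check a container downloaded from privacyIDEA, call p12_check with its path and, if one was set, the PIN entered at enrollment.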