Unable to import third-party certificate to master DAP container

Hello Team,

I have created the master container and set up the cluster, and received the message that the master is up and running. I import the CA certificate using the following command after connecting to the Docker container, and the certs are copied to the /tmp folder on the container:
evoke ca import --force --root cacert.cer
But when I try the following command to import the master certificate, I get the following error message:
evoke ca import --key dap-master.key --set dapcert.cer

error message - No such file or directory @ rb_sysopen - dap-master.key

I am not sure where the master’s cert files are located. I tried to search the container but haven’t found anything useful. I have Conjur appliance version 5.2.6.

dap-master.key should be the private key you used in the CSR to generate dapcert.cer, not a file provided from within the container. You might have the private key and cert bundled in the dapcert.cer file. If so, you’ll need to use openssl to extract the private key and save the certificate in PEM format. Hopefully that’s enough to get you unstuck!

P.S. You’ll need to redeploy the standbys and followers after you get the certs imported.
P.P.S. 5.2.6 is very old now; try getting a copy of the latest shipping version, which is 11.2.1.

1 Like
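
Added example, not part of the reply above and not CyberArk's own tooling: a POSIX shell sketch of the check that reply describes, for a PEM-format file. The function names are hypothetical; the file names are whatever you pass in. It tells you whether a certificate file also carries the private key, splits the two apart, and confirms that a key actually belongs to a certificate before you hand both to the import command.

```shell
#!/bin/sh
# Hypothetical helpers (added example). Require the openssl CLI; PEM input only.

# has_private_key FILE
# Exit 0 if FILE contains a PEM private key block (PKCS#8, RSA, EC or encrypted).
has_private_key() {
    grep -Eq -e '-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----' "$1"
}

# split_bundle BUNDLE KEY_OUT CERT_OUT
# Write the private key and the first certificate of a PEM bundle to separate
# files. The key file is created with owner-only permissions.
split_bundle() {
    has_private_key "$1" || { echo "no private key found in $1" >&2; return 1; }
    ( umask 077; openssl pkey -in "$1" -out "$2" ) || return 1
    openssl x509 -in "$1" -out "$3"
}

# key_matches_cert KEY CERT
# Exit 0 if the public half of KEY equals the public key inside CERT,
# 1 if they differ, 2 if either file cannot be parsed.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$cert_pub" ]
}

# Typical use, with the file names from this thread:
#   has_private_key dapcert.cer && split_bundle dapcert.cer dap-master.key dapcert.pem
#   key_matches_cert dap-master.key dapcert.pem && echo "key and certificate match"
```

If `has_private_key` reports nothing, the key was never in the certificate file and has to come from wherever the CSR was generated.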

Thank you for your response. I found out the issue and corrected it, and was able to import the cert.
I used the following URL to generate the certificates

but after importing these certs, when I try to create a seed I am getting the following error message. I am not sure what is causing the issue. Any ideas on this?

Are these seeds for standbys or followers? Can you share the command you used to generate the seed? Can you confirm that the connectivity to the master on port 5432 is good?

Thank you for the response, Nathan. I had some DNS issues and was able to resolve them by making some changes in the host file.

@sjohnkennedy. I am getting the same error. How did you resolve it? Any suggestions would be highly appreciated. I am trying to import a new internal CA certificate for a couple of new additional followers (on-prem) in my existing Conjur environment with 1 master, 2 standbys and 2 followers in AWS.

1 Like

@ashish.stha you will have a private key and .pem for the followers, which need to be imported on the master container. Reference page is https://docs.cyberark.com/Product-Doc/OnlineHelp/AAM-DAP/Latest/en/Content/Deployment/DAP/dap-deploy-dap.htm?tocpath=Setup|_____4#ConfigureDAPMaster.

The DNS error I was receiving was in my lab environment, and I fixed it by making updates to the host files on the container, as I did not have a good DNS server. I am not sure what error message you are receiving. Hope this helps. If not, please post a screenshot of the error message for review. Thank you.

1 Like