Pass an empty passphrase on the command line for the p12 cert

site-cookbooks/kosmos-dirsrv/resources/instance.rb

@@ -70,8 +70,9 @@ action :create do
     action :nothing
   end
 
-
   unless node.chef_environment == "development"
+    package "libnss3-tools" # provides pk12util
+
     cookbook_file "#{Chef::Config[:file_cache_path]}/tls.ldif" do
       source "tls.ldif"
       owner "root"
@@ -87,13 +88,13 @@ action :create do
     # Merge the full chain and private key into one cert, to import into the
     # dirsrv dir
     execute "generate p12 cert" do
-      command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert'"
+      command "openssl pkcs12 -export -in /etc/letsencrypt/live/#{new_resource.hostname}/fullchain.pem -inkey /etc/letsencrypt/live/#{new_resource.hostname}/privkey.pem -out #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -name 'Server-Cert' -passout pass:"
       action :nothing
       notifies :run, "execute[import p12 cert]", :immediately
     end
 
     execute "import p12 cert" do
-      command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir}"
+      command "pk12util -i #{Chef::Config[:file_cache_path]}/#{new_resource.hostname}.p12 -d #{inst_dir} -W ''"
       action :nothing
       notifies :run, "execute[add tls config]", :immediately
     end