[Freeipa-devel] [PATCH] 137 Instructions to generate cert use certutil instead of openssl
Endi Sukma Dewata
edewata at redhat.com
Fri Jun 1 00:39:19 UTC 2012
On 5/11/2012 6:37 AM, Petr Vobornik wrote:
> Instructions to generate certificate were changed. Now they use certutil
> instead of openssl. In the example is also used option for specifying
> key size.
>
> https://fedorahosted.org/freeipa/ticket/2725
This is already pushed, but the text probably could be improved a little
bit, something like this:
1. Create a certificate database or use an existing one. To create a
new database:
# certutil -N -d <database path>
See certutil documentation for more info.
2. Create a CSR with subject "CN=<hostname>,O=<realm>", for example:
# certutil -R -d <database path> -a -g <key size>
-s 'CN=test.example.com,O=EXAMPLE.COM'
3. Copy and paste the CSR (from "-----BEGIN NEW CERTIFICATE
REQUEST-----" to "-----END NEW CERTIFICATE REQUEST-----") into the
text area below:
Note, the '#' is meant to indicate the command prompt. The <em> tag was
not quite visible, most likely people won't see the tooltips for key
size, so it might be better to mention <key size> explicitly.
--
Endi S. Dewata
More information about the Freeipa-devel
mailing list