<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Please review the attached patch which addresses the following
issue:<br>
<ul>
<li><a href="https://fedorahosted.org/pki/ticket/1144">PKI TRAC
Ticket #1144 - pkispawn needs option to specify ca cert for
ldap</a></li>
</ul>
<p>Using my Fedora 21 laptop, I was able to successfully install and
configure a Directory Server to use LDAPS (documented procedure in
attached 'pkispawn' man page), and was able to use the exported
Directory Server CA certificate to successfully install and
configure a CA using this CA certificate in conjunction with the
secure Directory Server.<br>
</p>
<p>I verified that the two servers were speaking TLS by checking
/var/log/dirsrv/slapd-pki/access:<br>
</p>
<ul>
<li>TLS1.2 128-bit AES-GCM</li>
</ul>
<p>Additionally, I successfully installed an OCSP subsystem into
this shared PKI instance.<br>
</p>
<p>For the CA, I successfully tested both non-interactive as well as
interactive modes of pkispawn.<br>
</p>
<p>Thanks,<br>
-- Matt<br>
</p>
</body>
</html>