[Fedora-directory-devel] Cert
Richard Megginson
rmeggins at redhat.com
Tue Jan 31 13:56:39 UTC 2006
Neil Lane wrote:
>Is there any way to install a trusted CA through the commandline???
>
>
Yes, using the certutil command - see here -
http://directory.fedora.redhat.com/wiki/Howto:SSL#Import_the_CA_cert_into_another_Fedora_DS
If you want slapd-instance to know and trust the CA with the CA cert
stored in ascii format (base64 encoded) in a file called cacert.asc:
cd /opt/fedora-ds/alias
../shared/bin/certutil -A -d . -P slapd-instance- -n "CA certificate" -t "CT,," -a -i cacert.asc
You'll need to shutdown slapd-instance before you do this. The -t argument sets the trust flags, and the CT means the cert you're importing is a trusted CA cert.
>
>I am having major issues with starting the admin console, logging in and
>modifying entries as the user I log in as.
>
>
What user are you logging in as, and what entries are you having trouble
modifying?
>I have had a look through the ldapmodify docs but no joy yet.
>
>Any Ideas???
>
>
>
>
>
>
>-----Original Message-----
>From: fedora-directory-devel-bounces at redhat.com
>[mailto:fedora-directory-devel-bounces at redhat.com] On Behalf Of Richard
>Megginson
>Sent: 30 January 2006 07:27 PM
>To: Fedora Directory server developer discussion.
>Subject: Re: [Fedora-directory-devel] Cert
>
>Neil Lane wrote:
>
>
>
>>HI All
>>
>>I am in the process of writing a custom login module using LDAP.
>>
>>I am attempting to use a cert (PKCS12 Cert) for the users "password".
>>
>>I would like to load the cert from a keystore and validate it against
>>the LDAP entries userPKCS12 attribute.
>>
>>Please can someone let me know if this is possible and then let me
>>know how this may be achieved.
>>
>>Any assistance would be appreciated.
>>
>>
>>
>Fedora DS supports client certificate based authentication, so I'm not
>sure why you need to do something similar.
>See http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1053102
>and
>http://directory.fedora.redhat.com/wiki/Howto:CertMapping
>
>
>
>>Thanks
>>
>>Neil Lane
>>
>>------------------------------------------------------------------------
>>
>>--
>>Fedora-directory-devel mailing list
>>Fedora-directory-devel at redhat.com
>>https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>>
>>
>>
>>
>
>
>--
>Fedora-directory-devel mailing list
>Fedora-directory-devel at redhat.com
>https://www.redhat.com/mailman/listinfo/fedora-directory-devel
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3178 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-devel/attachments/20060131/e2eb5c8f/attachment.bin>
More information about the Fedora-directory-devel
mailing list