[Fedora-directory-users] self-signed certificates
Susan
logastellus at yahoo.com
Wed Feb 22 13:35:44 UTC 2006
--- Nathan Kinder <nkinder at redhat.com> wrote:
> Dan Lipsitt wrote:
>
Yea. I had to do it so often, that I've scripted it:
Put your cert DB password in pwdfile.txt, put some noise in the noise file and run this.
I think these may be a little different from the manual, I got the syntax from Rich M. It works
though.
One thing I don't understand still is the purpose of the pk12util... I run it because the wiki
says to run it. No idea what it's for, however.
____________________contents of cert gen script______________
[root at cnyldap01 alias]# cat certs.sh
#!/bin/sh
../shared/bin/certutil -N -d . -f pwdfile.txt
../shared/bin/certutil -G -d . -z noise.txt -f pwdfile.txt
../shared/bin/certutil -S -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z
noise.txt -f pwdfile.txt
../shared/bin/certutil -S -n "Server-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m
1001 -v 120 -d . -z noise.txt -f pwdfile.txt
echo moving key..
mv key3.db slapd-`-hostname -s`-key3.db
mv cert8.db slapd-`hostname -s`-cert8.db
ln -s slapd-`hostname -s`-key3.db key3.db
ln -s slapd-`hostname -s`-cert8.db cert8.db
echo pk..
../shared/bin/pk12util -d . -P slapd-`hostname -s`- -o servercert.pfx -n Server-Cert
____________________end of contents of cert gen script______________
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Fedora-directory-users
mailing list