[Fedora-directory-users] SSL Certs without password
Rob Crittenden
rcritten at redhat.com
Wed Jan 24 14:17:09 UTC 2007
Richard Megginson wrote:
> Michał Droździewicz wrote:
>> Hello,
>> I know how to generate certs with passwords, but this results in
>> password prompt at server startup and reboot. Is there a way to
>> generate SSL certificate without password?
> NSS always requires a password in order to unlock your server key. See
> the shell script at
> http://directory.fedora.redhat.com/wiki/Howto:SSL#Script for an example
> of how to create a password file.
Actually, a password isn't required by NSS. To change an existing
database to a NULL password use the modutil command. Its syntax is
slightly different from the other NSS utilities but it has a decent help
output if you don't get it quite right.
To change an existing database to be a blank password:
% modutil -dbdir /opt/fedora-ds/alias -dbprefix slapd-foo- -changepw
"NSS Certificate DB"
Enter the old password then press Enter twice for the new password to
blank it out.
To generate a new database with a blank password with certutil do
something like:
% certutil -N -d /opt/fedora-ds/alias -P slapd-foo-
Press Enter twice.
rob
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070124/4075b93c/attachment.bin>
More information about the Fedora-directory-users
mailing list