[Fedora-directory-users] Installing Server Certificates Using certutil

Rich Megginson rmeggins at redhat.com
Fri Apr 4 21:26:36 UTC 2008 

ggistra at aol.com wrote:
>
> Regarding "Using certutil" section in  the "Managing SSL and SASL" 
> chapter of the Administrator's Guide 7.1:
>
> The instructions seem to indicate that one should use the same 
> password to protect
>  *  the key and certificate databases
>  *  the encryption key
>  *  the certificates
>
> Is this correct? Is the pwdfile.txt still needed after the 
> certificates are generated?
Not technically, but it's a good idea to keep it around in case you want 
to issue additional certs.  You can always create it from the contents 
of the pin.txt file (assuming you have the same password).
>
> The "Enabling SSL ..." section of the same chapter talks 
> about creating the password file needed to restart the server 
> automatically. This is presumably the same password used to generate 
> certificates (or is it not?).
It usually is the same, but it doesn't have to be.
> Is there a way to achieve the unattended restart while avoiding 
> placing the password in a cleartext file?
You can also use the modutil -changepw command to change the password to 
a blank password (i.e. just hit Enter).  But then your private key will 
be unprotected.  It's essentially the same protection as the cleartext 
password file, but a little easier to manage.
>
> Thanks,
> Gabi 
> ------------------------------------------------------------------------
> Get the MapQuest Toolbar 
> <http://www.mapquest.com/toolbar?NCID=mpqmap00030000000003>, Maps, 
> Traffic, Directions & More!
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3245 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20080404/6402f5ed/attachment.bin>

More information about the Fedora-directory-users mailing list