[389-users] Command line to request certificate
Rich Megginson
rmeggins at redhat.com
Wed Aug 12 21:31:40 UTC 2009
Prashanth Sundaram wrote:
> Rich,
>
> The script that you directed me to, it installs the CA cert in the
> server cert tab when I check in console.
There is a bug in the script - it doesn't add all of the flags to the CA
cert to make it show up as a CA cert in the console. But it really is a
CA cert and you can use it as a CA cert.
> I tried manually adding it but it would still end up along with
> Directory server-cert.
That's annoying, but it should still work for TLS/SSL just fine.
> Also the admin server-cert shows up here as well.
Right. The script generates the admin server cert in the directory
server cert database, then exports it for use in the admin server cert
database.
>
> How do I troubleshoot that? The certs are fine in Admin server, but
> not in Directory instance.
>
> http://directory.fedoraproject.org/wiki/Howto:SSL#Script
>
> Another question: Since I am going to have two ldap servers and VIPs,
> can I just specify the DNS host names with the certificate like add
> certutil –S.... –8 ldap.foo1.com.ldap.foo2.com within the script,
> saving extra work?
Sure - feel free to hack the script as you need to.
>
> Thanks for your help!!
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3258 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20090812/daded16c/attachment.bin>
More information about the Fedora-directory-users
mailing list