[389-users] generate certificate request with certutil
Rob Crittenden
rcritten at redhat.com
Thu Dec 17 14:45:17 UTC 2009
muzzol wrote:
> hi,
>
> i want to generate a certificate request from command line to send to
> an external CA. this is what i use:
>
>
> certutil -S -n "test-server" -s "CN=testserver.example.com" -c "CA
> auth" -t "u,u,u" -m 1023 -v 120 -d .
>
> and i get this error:
>
>
> certutil: unable to retrieve key CA auth: The private key for this
> certificate cannot be found in key database
>
>
> i've imported the root cert for CA auth though the GUI but certutil
> seems not to find it.
>
> if i create the request via GUI everything is fine, but i need to use
> certutil because i need to pass additional parameters not supported by
> the GUI.
>
> any hints?
>
-S generates a certificate using a CA from the same database. You want
to create a Certificiate Signing Request (CSR). Try this:
certutil -R -s "CN=testserver.example.com" -d . -a
This will produce a base64-encoded CSR that you can pass along to your CA.
rob
More information about the Fedora-directory-users
mailing list