[Freeipa-users] Upgrade/Migration steps
Joshua J. Kugler
joshua at azariah.com
Wed Jun 26 23:23:50 UTC 2013
Finally circling back around to this.
On Monday, June 24, 2013 09:44:19 Rob Crittenden wrote:
> It's really confusing how you ended up with a CA DS instance configured
> without SSL.
You're telling me. :)
> In any case, by default we configure port 7390 for SSL. StartTLS
> shouldn't be needed.
>
> You may also need to set nsSSL3Ciphers.
Sorry, LDAP newbie here. What would I add, and to which files? I assume the
dse.ldif for the PKI-CA. What entries would I add for the SSL config?
> And you need to create an entry:
>
> cn=RSA,cn=encryption,cn=config
> objectclass=top
> objectclass=nsEncryptionModule
> cn=RSA
> nsSSLPersonalitySSL=Server-Cert
> nsSSLToken=internal (software)
> nsSSLActivation=on
When you say "create entry," is that just adding that to the dse.ldif, or am I
adding it to the LDAP DB? (Again, LDAP newbie here).
Feel free to point me to docs on this subject. I do want to learn, just not
sure where to start.
Thank you (again!) for all your help!
j
--
Joshua J. Kugler - Fairbanks, Alaska
Azariah Enterprises - Programming and Website Design
joshua at azariah.com - Jabber: pedahzur at gmail.com
PGP Key: http://pgp.mit.edu/ ID 0x73B13B6A
More information about the Freeipa-users
mailing list