A final note that Rob's solution worked wonderfully once I took note that the dash in the "-P slapd-myinstance-" is significant -- don't forget that! Your cert won't show up in the server cert section without it.

On Jun 20, 2005, at 3:21 PM, Rob Crittenden wrote:

> Jeff Falgout wrote:
>
>> Brian K. Jones said:
>>
>>> Hi,
>>>
>>> Anyone have a procedure for self signing a certificate request from FDS
>>> using an existing CA cert with openssl? Also - anyone know why I can't
>>> just use an existing cert/key pair with FDS that was created and
>>> self-signed already - or if I can, how?
>>>
>>> brian.
>>>
>> openssl x509 -req -in /path/to/csr \
>>   -CA /path/to/cacert \
>>   -CAkey /path/to/cakey -CAcreateserial \
>>   -out /path/to/signed.crt
>>
>> I just use this command to sign the csr generated from the console. I
>> haven't figured out how to use an existing cert/key - I'd very much like
>> to see how to do that.
>>
>
> This was just discussed on IRC, may as well document it here as well.
>
> First, head into console and initialize your certificate database and
> assign a password. To do this, log into the console, select your
> directory instance and under Tasks select Manage Certificates. If you
> don't already have a certificate database created, it will prompt you
> for a password.
>
> Now, at a unix prompt, change to your server root as a user that can
> write to the files in alias (probably root).
>
> This assumes that the existing cert is in the file ssl-cert.pem and the
> existing key is in ssl-key.pem and your instance is named "myinstance":
>
> # cd /opt/redhat-ds
> # openssl pkcs12 -export -in ssl-cert.pem -inkey ssl-key.pem -out ssl-cert.p12 -name "Server-Cert"
>
> You now have the openssl cert in a pkcs#12 file (cert and key together)
>
> Now import it into your DS database:
>
> # shared/bin/pk12util -i ssl-cert.p12 -d alias -P slapd-myinstance-
>
> This will work for both Fedora and Red Hat DS.
>
> rob
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
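
Added example, not part of the original thread: a pre-flight check for the -P prefix before running pk12util, since NSS prepends that value verbatim to its database file names. The function names are hypothetical, and the cert8.db/key3.db file names are an assumption (the legacy NSS database names used by Fedora DS of this era).

```shell
#!/bin/sh
# Added example (not from the thread). With -d alias -P slapd-myinstance-
# NSS opens alias/slapd-myinstance-cert8.db and alias/slapd-myinstance-key3.db,
# so a prefix typed without the trailing dash names a different database.
# Assumption: legacy cert8.db/key3.db file names.

# check_nss_prefix ALIAS_DIR PREFIX
# Prints "ok", "missing-dash" or "no-database"; returns 0 only for "ok".
check_nss_prefix() {
    dir=$1
    prefix=$2
    if [ -f "$dir/${prefix}cert8.db" ] && [ -f "$dir/${prefix}key3.db" ]; then
        echo ok
        return 0
    fi
    # The slip described at the top of the thread: prefix without its dash.
    if [ -f "$dir/${prefix}-cert8.db" ] && [ -f "$dir/${prefix}-key3.db" ]; then
        echo missing-dash
        return 1
    fi
    echo no-database
    return 2
}

# import_command ALIAS_DIR INSTANCE P12_FILE
# Prints the pk12util command line only if the instance database exists.
import_command() {
    dir=$1
    prefix="slapd-$2-"
    p12=$3
    status=$(check_nss_prefix "$dir" "$prefix") || {
        echo "refusing: $status for prefix '$prefix' in $dir" >&2
        return 1
    }
    echo "shared/bin/pk12util -i $p12 -d $dir -P $prefix"
}

# demo: constructed alias directory with empty placeholder database files.
demo() {
    tmp=$(mktemp -d)
    touch "$tmp/slapd-myinstance-cert8.db" "$tmp/slapd-myinstance-key3.db"
    check_nss_prefix "$tmp" "slapd-myinstance-"
    check_nss_prefix "$tmp" "slapd-myinstance" || true
    import_command "$tmp" myinstance ssl-cert.p12
    rm -rf "$tmp"
}
if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo to see the three outcomes against a throwaway directory; against a real server root, pass alias and the instance name.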