self signed certificates

On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote:
> Craig White wrote:
> 
> >Trying to follow instructions at 
> >http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158
> >
> >Step #8
> >Copy the key3.db and cert8.db you created to the default databases
> >created at Directory Server installation:
> >
> >where is this 'default databases'?
> >
> >/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server
> >  
> >
> /opt/fedora-ds/alias/slapd-srv1-key3.db
> /opt/fedora-ds/alias/slapd-srv1-cert8.db
----
OK - well that was where I created them...

# ls -l /opt/fedora-ds/alias/
total 520
-rw-------  1 nobody nobody  65536 Dec  8 12:55 admin-serv-srv1-cert8.db
-rw-------  1 nobody nobody  16384 Dec  8 12:55 admin-serv-srv1-key3.db
-rw-------  1 root   root    65536 Dec  8 11:18 cert8.db
-rw-------  1 root   root     2644 Dec  8 11:18 cert.pk12
-rw-------  1 root   root    16384 Dec  8 11:18 key3.db
-rwxr-xr-x  1 root   nobody 194880 Nov 29 15:06 libnssckbi.so
-rw-r--r--  1 root   root       55 Dec  8 11:09 noise.txt
-rw-------  1 root   root        9 Dec  8 11:09 pwdfile.txt
-rw-------  1 nobody nobody  16384 Dec  6 08:46 secmod.db
-rw-------  1 nobody nobody  65536 Dec  8 10:55 slapd-srv1-cert8.db
-rw-------  1 nobody nobody  16384 Dec  8 10:55 slapd-srv1-key3.db

I didn't see them listed anywhere in the console.

I ended up doing this with openssl...
# first using console, I created a server csr (fedora-ds.csr)

then...
openssl req -config /usr/share/ssl/openssl.cnf -new -x509 \
-days 3650 -key ca.key -out ca.cert
openssl genrsa -out ldap.key 1024
openssl req -config /usr/share/ssl/openssl.cnf -new -key ldap.key \
-out ldap.csr
openssl x509 -req -in ldap.csr -out ldap.cert -CA ca.cert \
-CAkey ca.key -CAcreateserial -days 3650
openssl x509 -req -in fedora-ds.csr -out fedora-ds.cert -CA ca.cert \
-CAkey ca.key -CAcreateserial -days 3650
cp ca.cert /etc/ssl

Then using the console - in Administration console, Manage Certificates,
CA Certs, I 'installed' the file ca.cert (it seemed happy)

Then in Server Certs, I installed fedora-ds.cert (it seemed happy)

I pretty much repeated the process of creating the signing request and
signing it and generating another server cert and it seems to be happy
too as now, it too lists the certificates both in the server certs and
the CA certs.

So I am pretty good to go, right?

Thanks

Craig
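
One way to check the result of the signing steps above from the command line, as an added example that is not part of the original message: it builds a throwaway CA and server certificate in a temporary directory, then confirms that the server certificate verifies against the CA and reports its key size. The subject names, the 2048-bit keys, the 30-day lifetime and the function names are assumptions of the example.

```shell
#!/bin/sh
# Added example; all subject names, key sizes and lifetimes are constructed.

# Build a throwaway CA and a server certificate signed by it in directory $1,
# following the same req / genrsa / x509 -req sequence as the message.
make_demo_pki() {
    d=$1
    openssl genrsa -out "$d/ca.key" 2048 2>/dev/null &&
    openssl req -new -x509 -days 30 -key "$d/ca.key" \
        -subj "/CN=Demo Test CA" -out "$d/ca.cert" 2>/dev/null &&
    openssl genrsa -out "$d/ldap.key" 2048 2>/dev/null &&
    openssl req -new -key "$d/ldap.key" -subj "/CN=srv1.example.test" \
        -out "$d/ldap.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/ldap.csr" -out "$d/ldap.cert" \
        -CA "$d/ca.cert" -CAkey "$d/ca.key" -CAcreateserial -days 30 2>/dev/null
}

# Succeed only if certificate $2 verifies against CA certificate $1.
# Matches the ": OK" line that openssl verify prints on success.
chains_to_ca() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# Print the public key size, in bits, of certificate $1.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public[- ]Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Demo run on the constructed files; the temporary directory is removed afterwards.
tmp=$(mktemp -d)
if make_demo_pki "$tmp" && chains_to_ca "$tmp/ca.cert" "$tmp/ldap.cert"; then
    echo "ldap.cert chains to ca.cert; key size: $(key_bits "$tmp/ldap.cert") bits"
else
    echo "ldap.cert does NOT verify against ca.cert"
fi
rm -rf "$tmp"
```

Against the files named in the message, the equivalent calls would be `chains_to_ca ca.cert fedora-ds.cert` and `key_bits ldap.cert`.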



