Craig White wrote:

>On Thu, 2005-12-08 at 13:27 -0700, Richard Megginson wrote:
>
>>Craig White wrote:
>>
>>>On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote:
>>>
>>>>Craig White wrote:
>>>>
>>>>>Trying to follow instructions at
>>>>>http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158
>>>>>
>>>>>Step #8
>>>>>Copy the key3.db and cert8.db you created to the default databases
>>>>>created at Directory Server installation:
>>>>>
>>>>>where is this 'default databases'?
>>>>>
>>>>>/opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server
>>>>>
>>>>/opt/fedora-ds/alias/slapd-srv1-key3.db
>>>>/opt/fedora-ds/alias/slapd-srv1-cert8.db
>>>>
>>>----
>>>OK - well that was where I created them...
>>>
>>># ls -l /opt/fedora-ds/alias/
>>>total 520
>>>-rw------- 1 nobody nobody 65536 Dec 8 12:55 admin-serv-srv1-cert8.db
>>>-rw------- 1 nobody nobody 16384 Dec 8 12:55 admin-serv-srv1-key3.db
>>>-rw------- 1 root root 65536 Dec 8 11:18 cert8.db
>>>-rw------- 1 root root 2644 Dec 8 11:18 cert.pk12
>>>-rw------- 1 root root 16384 Dec 8 11:18 key3.db
>>>-rwxr-xr-x 1 root nobody 194880 Nov 29 15:06 libnssckbi.so
>>>-rw-r--r-- 1 root root 55 Dec 8 11:09 noise.txt
>>>-rw------- 1 root root 9 Dec 8 11:09 pwdfile.txt
>>>-rw------- 1 nobody nobody 16384 Dec 6 08:46 secmod.db
>>>-rw------- 1 nobody nobody 65536 Dec 8 10:55 slapd-srv1-cert8.db
>>>-rw------- 1 nobody nobody 16384 Dec 8 10:55 slapd-srv1-key3.db
>>>
>>>I didn't see them listed anywhere in the console.
>>>
>>Didn't see what listed anywhere in the console?
>>
>----
>the certificates that I generated using certutil. I never could find
>evidence of them in any console.
>

They have to be in the file called slapd-name-cert8.db - it won't find them if they are in cert8.db.

>The files listed above I am certain
>were generated by openssl creation of the CA certificate and using that
>to sign the requests from the Server Certs portions of the
>Administration and Directory Consoles - and 'installing' them in the
>console...because of the time signatures.
>----
>
>>I think the directions mean "copy your new key3.db over
>>slapd-srv1-key3.db and copy your new cert8.db over
>>slapd-srv1-cert8.db". When you do this, make sure slapd isn't running,
>>and make sure you retain the old ownership and permissions of those
>>files (e.g. nobody:nobody and 0600). Slapd (uid nobody) has to open
>>those files in read-write mode.
>>
>----
>it would appear that having the above contents of /opt/fedora-ds/alias
>and the db files chmod 600 nobody:nobody as per above - that even though
>I generated them ultimately with openssl and not certutil and they are
>listed in both Administration and Directory consoles in both CA Certs
>and Server Certs that I am good to go to next step.
>

Ok.

>Thanks
>
>Craig
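
An added example, not part of the original thread: a shell check for the two points made in the replies above, that the server reads only slapd-<instance>-cert8.db and slapd-<instance>-key3.db, and that those files must keep their ownership and 0600 mode. The function names and the directory, instance and owner arguments are assumptions supplied by the caller.

```shell
# Added example: audit the NSS databases of one Directory Server instance.
# check_alias_dir DIR INSTANCE OWNER
#   DIR      alias directory, e.g. /opt/fedora-ds/alias
#   INSTANCE instance name, e.g. srv1 (files are slapd-INSTANCE-{cert8,key3}.db)
#   OWNER    user name or numeric uid the server runs as, e.g. nobody
# Returns 0 only if both files exist, are mode 600 and belong to OWNER.

# Print "MODE USER UID" for a file (GNU stat, then BSD stat as fallback).
file_meta() {
    stat -c '%a %U %u' "$1" 2>/dev/null || stat -f '%Lp %Su %u' "$1"
}

check_alias_dir() {
    dir=$1; inst=$2; owner=$3; rc=0
    for kind in cert8 key3; do
        f="$dir/slapd-$inst-$kind.db"
        # The server reads only the instance-prefixed file, never a bare cert8.db/key3.db.
        if [ -f "$dir/$kind.db" ]; then
            echo "NOTE  $dir/$kind.db is not read by slapd-$inst"
        fi
        if [ ! -f "$f" ]; then
            echo "FAIL  $f is missing"; rc=1; continue
        fi
        meta=$(file_meta "$f")
        mode=${meta%% *}; rest=${meta#* }
        uname=${rest% *}; uid=${rest#* }
        if [ "$mode" != "600" ]; then
            echo "FAIL  $f has mode $mode, expected 600"; rc=1
        fi
        if [ "$owner" != "$uname" ] && [ "$owner" != "$uid" ]; then
            echo "FAIL  $f is owned by $uname, expected $owner"; rc=1
        fi
    done
    return $rc
}
```

Source the file and run, for the layout in this thread, check_alias_dir /opt/fedora-ds/alias srv1 nobody after copying the databases and before starting slapd.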