Ok, I figured this out. The setupssl.sh script correctly names the cert and key databases for the administrator server based on identifier you give the directory server on setup. The default administrator server configuration, on the other hand, creates and uses databases named after the system's host name. This problem was corrected by setting the correct database file names in /opt/fedora-ds/admin-serv/config/adm.conf. Or alternatively, simply copy the database files created by the script to the filenames that the administrator wants to use. The setupssl script should probably be altered to set the correct database file names in the adm.conf file. Thanks for the responses, Jason >> Hi all, >> I'm pretty uncertain about the best way to go about configuring the >> admin server to use SSL (FDS1.0.2) . All of the docs I'm finding are >> pretty shaky. Ultimately, I want users to manage their passwords and >> info via the web-based Directory Server Gateway over SSL. This would >> appear to be the same thing as enabling SSL for the admin server. >> The setupssl.sh script provided by the SSL howto, generates the >> keys/certs for the admin server and imports them into the appropriate >> cert db (I guess, I've performed the process by hand as well, based >> on RedHat's docs and the script itself). This would imply to me that >> the admin console would find the generated certs and present them in >> the admin server's console (under the Configuration -> Encryption >> tab) in much the same way that it does in the directory server's >> console. I can't tell if something that's suppose to work isn't or >> if I'm misunderstanding something. I'd like to know before I try to >> generate new SSL certificates and import them. > Yes, that's the way it is supposed to work. I verified that it does > work on FC5 using FDS 1.0.2. >
