--- Nathan Kinder <nkinder at redhat.com> wrote: > Dan Lipsitt wrote: > Yea. I had to do it so often, that I've scripted it: Put your cert DB password in pwdfile.txt, put some noise in the noise file and run this. I think these may be a little different from the manual, I got the syntax from Rich M. It works though. One thing I don't understand still is the purpose of the pk12util... I run it because the wiki says to run it. No idea what it's for, however. ____________________contents of cert gen script______________ [root at cnyldap01 alias]# cat certs.sh #!/bin/sh ../shared/bin/certutil -N -d . -f pwdfile.txt ../shared/bin/certutil -G -d . -z noise.txt -f pwdfile.txt ../shared/bin/certutil -S -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z noise.txt -f pwdfile.txt ../shared/bin/certutil -S -n "Server-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -z noise.txt -f pwdfile.txt echo moving key.. mv key3.db slapd-`-hostname -s`-key3.db mv cert8.db slapd-`hostname -s`-cert8.db ln -s slapd-`hostname -s`-key3.db key3.db ln -s slapd-`hostname -s`-cert8.db cert8.db echo pk.. ../shared/bin/pk12util -d . -P slapd-`hostname -s`- -o servercert.pfx -n Server-Cert ____________________end of contents of cert gen script______________ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
