Susan wrote: >--- Nathan Kinder <nkinder at redhat.com> wrote: > > > >>Dan Lipsitt wrote: >> >> >> > >Yea. I had to do it so often, that I've scripted it: > >Put your cert DB password in pwdfile.txt, put some noise in the noise file and run this. > >I think these may be a little different from the manual, I got the syntax from Rich M. It works >though. > >One thing I don't understand still is the purpose of the pk12util... I run it because the wiki >says to run it. No idea what it's for, however. > > It's really just for backup purposes. You can backup your key and cert db files instead. > >____________________contents of cert gen script______________ >[root at cnyldap01 alias]# cat certs.sh >#!/bin/sh >../shared/bin/certutil -N -d . -f pwdfile.txt >../shared/bin/certutil -G -d . -z noise.txt -f pwdfile.txt >../shared/bin/certutil -S -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z >noise.txt -f pwdfile.txt >../shared/bin/certutil -S -n "Server-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m >1001 -v 120 -d . -z noise.txt -f pwdfile.txt >echo moving key.. > >mv key3.db slapd-`-hostname -s`-key3.db >mv cert8.db slapd-`hostname -s`-cert8.db >ln -s slapd-`hostname -s`-key3.db key3.db >ln -s slapd-`hostname -s`-cert8.db cert8.db >echo pk.. >../shared/bin/pk12util -d . -P slapd-`hostname -s`- -o servercert.pfx -n Server-Cert >____________________end of contents of cert gen script______________ > > >__________________________________________________ >Do You Yahoo!? >Tired of spam? Yahoo! Mail has the best spam protection around >http://mail.yahoo.com > >-- >Fedora-directory-users mailing list >Fedora-directory-users at redhat.com >https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3178 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20060222/ee4ab853/attachment.bin