What a nightmare. I tried to use the script on the Wiki but this isn't really set up to do this. I would like one CA and then to generate all of the DS and AS certificates from this. I can't work out if I need to copy the CA db or just the .asc file to the other servers to generate the certs - it seems to need the key for the CA cert and also the noise and pwd files? I finally got two servers on SSL but they won't replicate as they don't like each other's certificates even though I had the CA certs on both servers. I have spent eight hours getting nowhere and will have to start again from scratch. If there are any clues on how to: Have one CA for all server certs How to install this CA cert on all servers What is needed for replication over SSL to work Please let me know ... PK -- Philip Kime NOPS Systems Architect 310 401 0407 -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20060708/e6f2ad91/attachment.html
