SSL problem on replication!

Alex wrote:
>> Well, no. The reason why you don't see ssl server cert on
>> nodo2 is because you never created it!
>
> At this point I want to be sure that I understand correctly... I did 5
> minutes ago exactly what you say in your previous post... now I have in
> window of nodo1 Server-Cert and CA certificate... so in "Encryption tab" I
> checked "enable ssl for this server" and in certificate I used
> Server-Cert... at this point, to enable ssl on nodo2 what exactly do I have to
> do?
>
> -Export Server-Cert on nodo2
> -Run the script in nodo2
>
> ... I apologize but this is the first time that I use both Fedora DS and
> configuring SSL... and IMHO documentation is not very clear about this point!
>
I'm not sure, but I think what you need to do is to create another 
key/cert pair to have another Server Cert for your nodo2 directory 
server.  And you are correct, this is not explicit in the documentation. 

Note: You should perform these steps using your original key/cert
database because you are going to use your original CA key/cert to
create a new server key/cert for nodo2.

Step 1: This is the same as step 7 in the SSL HowTo -
http://directory.fedora.redhat.com/wiki/Howto:SSL#Basic_Steps (with the
caveat to use the FQDN in the cn of the server cert subject DN - in this
case, use the FQDN of nodo2). You must use a different name (e.g.
Server-Cert-nodo2 or something like that) when creating the cert.

Step 2: The DS on nodo2 needs both the key and cert that you have
created, so you will need to export that information as a p12 file, e.g.

../shared/bin/pk12util -d . -P slapd-serverID- -o servercertnodo2.pfx -n Server-Cert-nodo2

Step 3: You need to import this servercertnodo2.pfx file into the 
key/cert db on nodo2.  After copying the file to the 
/opt/fedora-ds/alias directory on that machine:

../shared/bin/pk12util -d . -P slapd-nodo2- -i servercertnodo2.pfx -n Server-Cert

You must specify the name as Server-Cert here in order to use the 
default SSL configuration.

Step 4: Import your CA cert into slapd-nodo2 - you may need to copy 
cacert.asc to nodo2.  Then

../shared/bin/certutil -A -d . -P slapd-nodo2- -n "CA certificate" -t "CT,," -a -i cacert.asc


> Thanks in advance
>
> Alex
>   
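
A check for the result of steps 3 and 4 above, added here as an example and not part of the original message: it reads a certutil -L listing and confirms that the nodo2 db holds a cert named Server-Cert together with its private key, plus a CA certificate trusted for SSL. The function name and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): verify what steps 3 and 4 should leave in
# the nodo2 key/cert db. Feed it the listing, e.g. from /opt/fedora-ds/alias:
#   ../shared/bin/certutil -L -d . -P slapd-nodo2- | check_nodo2_certdb
check_nodo2_certdb() {
    awk '
    # Entry lines end in a trust field with two commas, e.g. "u,u,u" or "CT,,".
    $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        nick = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)   # strip the trust column
        sub(/^[ \t]+/, "", nick)                # strip leading indent
        split($NF, f, ",")
        ssl[nick] = f[1]                        # SSL trust flags only
        present[nick] = 1
    }
    END {
        rc = 0
        if (!("Server-Cert" in present)) {
            print "FAIL: no cert with nickname Server-Cert"; rc = 1
        } else if (ssl["Server-Cert"] !~ /u/) {
            # "u" is shown only when the db also holds the private key
            print "FAIL: Server-Cert present but its private key is not"; rc = 1
        }
        if (!("CA certificate" in present)) {
            print "FAIL: no cert with nickname CA certificate"; rc = 1
        } else if (ssl["CA certificate"] !~ /C/ || ssl["CA certificate"] !~ /T/) {
            print "FAIL: CA certificate lacks CT trust for SSL"; rc = 1
        }
        if (rc == 0) print "OK: Server-Cert (with key) and trusted CA found"
        exit rc
    }'
}

# Constructed sample listings (not real output from the poster's machines).
GOOD_LISTING='Certificate Nickname                     Trust Attributes
                                         SSL,S/MIME,JAR/XPI

CA certificate                           CT,,
Server-Cert                              u,u,u'

# Failure mode: cert listed under another nickname, CA present but untrusted.
BAD_LISTING='Server-Cert-nodo2                        u,u,u
CA certificate                           ,,'
```
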