Jo De Troy wrote: > Hello, > > I was wondering if it's possible to use the certifcates of Fedora DS for > an Apache webserver running on the LDAP server. > Is it possible to export the certificates in the cert7 and key3 > databases and use the exported certificates for setting up an SSL > enabled Apache? > If it's possible how should I go about? You can use pk12util to extract the certificate into a PKCS#12 file and then use openssl to extract the key and certificate into PEM format. Something like this, though this is off the top of my head so the syntax may not be exactly right: % pk12util -o /opt/fedora-ds/alias/mycert.p12 -P slapd-foo- -d /opt/fedora-ds/alias -n "server-cert" # Pull out as separate cert and key % openssl pkcs12 -in /opt/fedora-ds/alias/mycert.p12 -nokeys -out server-cert.crt % openssl pkcs12 -in /opt/fedora-ds/alias/mycert.p12 -nocerts -out server-cert.key Add -nodes to the key execution to have an unencrypted key (not very secure). To put the cert and key into the same file: % openssl pkcs12 -in /opt/fedora-ds/alias/mycert.p12 -out server-cert.pem rob -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20070503/dfb63ede/attachment.bin
