ggistra at aol.com wrote: > > Regarding "Using certutil" section in the "Managing SSL and SASL" > chapter of the Administrator's Guide 7.1: > > The instructions seem to indicate that one should use the same > password to protect > * the key and certificate databases > * the encryption key > * the certificates > > Is this correct? Is the pwdfile.txt still needed after the > certificates are generated? Not technically, but it's a good idea to keep it around in case you want to issue additional certs. You can always create it from the contents of the pin.txt file (assuming you have the same password). > > The "Enabling SSL ..." section of the same chapter talks > about creating the password file needed to restart the server > automatically. This is presumably the same password used to generate > certificates (or is it not?). It usually is the same, but it doesn't have to be. > Is there a way to achieve the unattended restart while avoiding > placing the password in a cleartext file? You can also use the modutil -changepw command to change the password to a blank password (i.e. just hit Enter). But then your private key will be unprotected. It's essentially the same protection as the cleartext password file, but a little easier to manage. > > Thanks, > Gabi > ------------------------------------------------------------------------ > Get the MapQuest Toolbar > <http://www.mapquest.com/toolbar?NCID=mpqmap00030000000003>, Maps, > Traffic, Directions & More! > ------------------------------------------------------------------------ > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3245 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20080404/6402f5ed/attachment.bin
