I posted a similar question on the NSS newsgroup and asked about usage of certutil documented in the RH DS Admin Guide. The response I got is that step 5 in section "using certutil" is a no-op. For detail, please see http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ae13056d51d189ac - David On Tue, Apr 8, 2008 at 3:50 PM, Rich Megginson <rmeggins at redhat.com> wrote: > ggistra at aol.com wrote: > > > > > Step 5 in section "Using certutil" of the The Directory Server > > Administrator's Guide 7.1, Chapter 11, generates "the encryption key" using > > the -G option. According to the certutil documentation, this generates a > > public/private key pair. > > > I think it's the encryption key for the self signed CA you are creating. > > > /What is this key pair used for?/ It doesn't seem to be the key used for > > the self-signed ceritficate or the server certificate, as the -S switch on > > certutil - judging by the available options for -S - appears to generate a > > new key pair. > > Thanks, > > Gabi > > ------------------------------------------------------------------------ > > Get the MapQuest Toolbar < > > http://www.mapquest.com/toolbar?NCID=mpqmap00030000000003>, Maps, > > Traffic, Directions & More! > > ------------------------------------------------------------------------ > > > > -- > > Fedora-directory-users mailing list > > Fedora-directory-users at redhat.com > > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > > > > > > -- > Fedora-directory-users mailing list > Fedora-directory-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > > -------------- next part -------------- An HTML attachment was scrubbed... URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20080410/8326e667/attachment.html
