McManus, Thomas wrote:
>
> I've been trying for the last 2 days to set up SSL on FDS without any
> luck and little feedback. Following the Redhat Directory Server 8.0
> Administration Guide, Chapter 11, I've tried to install a local
> certificate both through the console and at the command line using
> certutil.
>
What platform? What version of fedora ds? rpm -qi fedora-ds-base
>
> From the console going through every step. In step 2 the DN is:
>
> CN="ldap1.chip.org", OU="CHIP", O="Childrens Hospital Boston",
> L="Boston", ST="Massachusetts", C="US"
>
> In step 3 I get:
>
> Unable to convert DN to certificate name.
>
This is a known console problem - try omitting the double quotes - you should not need them
>
> Using the certutil these commands worked:
>
> certutil -N -d . -f pwdfile -P slapd-ldap1
> certutil -S -n "CA certificate" -s "cn=Childrens Hospital Informatics Program, dc=chip, dc=org" -x -t "CT,," -m 1000 -v 120 -d . -k rsa -g 1024 -f pwdfile -P slapd-ldap1
> certutil -S -n "Server-Cert" -s "cn=ldap1.chip.org,cn=DS1" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -g 1024 -f ./pwdfile -P slapd-ldap1
> certutil -d . -L -n "CA certificate" -a > cacert.asc -P slapd-ldap1
>
Why are you specifying -P? You should not need to do that anymore. Where in the instructions does it say to do that?
>
> Using the pk12util failed
>
> pk12util -d . -o ldap1.p12 -n Server-Cert1 -w ./pwdfile.txt -k ./pwdfile.txt
>
> The error is:
>
> pk12util: find user certs from nickname failed: security library: bad database.
>
You are missing the -P
>
> I've run these 2 programs multiple times and googled to no avail.
> Could anyone help with this?
>
> Tom McManus
> System Manager II
> Research Computing
> Children's Hospital Boston
> 300 Longfellow Ave., Enders 146.1
> Boston MA 02115
> Office: 617 919 2308
> Mobile: 617 997 2665
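
The "bad database" error in the thread above is what NSS tools report when a directory is opened without the prefix its databases were created with. As an added example (not part of the original thread), this script reports which prefix a directory's NSS databases use; the function names and the sample directory are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): find which NSS database prefix
# a directory uses, so certutil and pk12util are given the same -P value.
# dbm-format databases are <prefix>cert8.db + <prefix>key3.db,
# SQLite-format databases are <prefix>cert9.db + <prefix>key4.db.

# Succeeds if DIR ($1) holds a cert/key database pair for PREFIX ($2).
# An empty PREFIX corresponds to running the tools without -P.
has_nss_db() {
    { [ -f "$1/${2}cert8.db" ] && [ -f "$1/${2}key3.db" ]; } ||
    { [ -f "$1/${2}cert9.db" ] && [ -f "$1/${2}key4.db" ]; }
}

# Print every prefix in DIR ($1) that has a complete pair, one per line.
# An unprefixed database is printed as an empty line.
nss_prefixes() {
    for cert in "$1"/*cert8.db "$1"/*cert9.db; do
        [ -f "$cert" ] || continue          # glob matched nothing
        base=${cert##*/}                    # strip the directory part
        prefix=${base%cert[89].db}          # what is left is the prefix
        if has_nss_db "$1" "$prefix"; then printf '%s\n' "$prefix"; fi
    done | sort -u
}

# Constructed sample: empty files named the way
# "certutil -N -d . -P slapd-ldap1" names them (the prefix is prepended as-is).
demo=$(mktemp -d)
: > "$demo/slapd-ldap1cert8.db"
: > "$demo/slapd-ldap1key3.db"

for p in $(nss_prefixes "$demo"); do
    echo "found prefix '$p': pass -d $demo -P $p to certutil and pk12util"
done
has_nss_db "$demo" "" || echo "no unprefixed database: a call without -P fails"
rm -rf "$demo"
```

Run against the real database directory, `nss_prefixes .` shows the value every later `certutil` or `pk12util` call in that directory needs after `-P`.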