We have a CA using our corporate certificate which we want to sign our certificates for the fedora-ds and clients. I am trying to work out how to do this. The setupssl2 script works fine in generating and installing a self-signed certificate on the server(s) but we now want to generate and sign using our CA.

Does anybody have a set of instructions that would cover this case? In particular I would like to understand when the use of certutil is mandatory and when it can be replaced with one or more openssl commands. Eventually I would like to be able to configure the server using the setup-ds-admin script with a certificate already pre-generated by openssl quoted as the CACertificate parameter.

One complication to all of this is that we need to assign a number of SubjectAltNames to the certificates so that a server may have multiple identities!

Regards,
Howard