Exporting the Fedora DS certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi all,

Rusch Philipp pru09 a ?crit :
>
> Hi together,
>
>  
>
> I have successfully set up my directory server. For a disaster 
> tolerant topology I want to load balance the two servers over a F5 LTM 
> load balancer. My problem is, that I have tried to export the 
> certificate ( I have a self generated one ) without a result. The load 
> balancer could only read certificates in pem format. So, if anyone of 
> you know what type of certificate the DS uses let me know about it ;-)
>
>  
>
> The certificate was generated with the gencert.sh script which is 
> available under
>
> http://github.com/richm/scripts/tree/master%2Fsetupssl.sh?raw=true
>
>  
>
> I don't know very much about the SSL stuff so I am not sure If I have 
> tried the right tools/commands.
>
>  
>
> Which one is the certificate the slapd-yourhost-cert8.db or is it only 
> stored in there?
>
>  
>
> Thank you in advance!
>
>  
>
> Cheers
>
> phru
>
I had the same issue exporting my certificate in pkcs12 format to import 
it to the radius part of my authentification server.

Indeed, there are two certificates in the pkcs12 file for chaining with 
root certificat, you must specify to write options to extract only the 
good one (or edit the pem on you own to cut off the bad one).

# certutil --d . -L

# pk12util --d . --o ldap-server.pk12 --n ?certificate name ?

# pk12util --d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 --n 
?certificat name?

# openssl pcks12
 -clcerts : no client certificate
 -cacerts : no CA certificate

I think the option -cacerts will fix your issue as it fixed mine.

In fact, it's a bug with poor implementations of pem file reading (like 
freeradius does).

Hope it would help.

Regards.

-- 
*Nicolas CAREL
**Service Commun Informatique
*Chef de service
Tel : 04 72 76 61 43  -  e-mail : nicolas.carel at inrp.fr

*Institut National de Recherche P?dagogique
<http://www.inrp.fr/>*19 all?e de Fontenay - B.P. 17424 - 69347 LYON 
CEDEX 07
Standard : 04 72 76 61 00 - T?l?copie : 04 72 76 61 10
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20081107/619debc6/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 4503 bytes
Desc: S/MIME Cryptographic Signature
Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20081107/619debc6/attachment.bin
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux