Exporting the Fedora DS certificate

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I had the same issue exporting my certificate in pkcs12 format to import it to the radius part of my authentification server. 

Indeed, there are two certificates in the pkcs12 file for chaining with root certificat, you must specify to write options to extract only the good one (or edit the pem on you own to cut off the bad one). 

# certutil -d . -L

# pk12util -d . -o ldap-server.pk12 -n ?certificate name ?

# pk12util -d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 -n ?certificat name?

# openssl pcks12 
 -clcerts : no client certificate
 -cacerts : no CA certificate

I think the option -cacerts will fix your issue as it fixed mine.

In fact, it's a bug with poor implementations of pem file reading (like freeradius does).

Hope it would help.

Regards.

-- 
Nicolas CAREL
Service Commun Informatique
Chef de service
Tel : 04 72 76 61 43  -  e-mail : nicolas carel inrp fr <mailto:nicolas%20carel%20inrp%20fr> 

Institut National de Recherche P?dagogique
<http://www.inrp.fr/> 19 all?e de Fontenay - B.P. 17424 - 69347 LYON CEDEX 07
Standard : 04 72 76 61 00 - T?l?copie : 04 72 76 61 10 

Attachment: smime.p7s <https://www.redhat.com/archives/fedora-directory-users/2008-November/p7sg6w5dtKKbf.p7s> 
Description: S/MIME Cryptographic Signature

 

Hi,

 

Thank you for your help. I am using fedora-ds 1.0.4-1 (RH4).

 

When I try to run the certutil -d . -L command there is no output or certificate available?!  Where is the mistake?

 

/opt/fedora-ds/alias

/opt/fedora-ds/shared/bin/certutil -d . -L

 

 

In the directory /opt/fedora-ds/alias I have the following files:

 

admin-serv-host-cert8.db

admin-serv-host-key3.db

adminserver.p12

cacert.asc

cert8.db

gencert.sh

key3.db

libnssckbi.so

noise.txt

password.conf

pwdfile.txt

secmod.db

slapd-host-cert8.db

slapd- host -cert8.db.bak

slapd- host -key3.db

slapd- host -key3.db.bak

slapd- host -pin.txt

 

The secured LDAP connection from a client to the server is working properly, therefore I think the certificates are installed right.

 

Thank you in advance

 

Regards

Phru

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.fedoraproject.org/pipermail/389-users/attachments/20081107/b680a4cf/attachment.html
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux