Ryan Braun [ADS] wrote:
> On Thursday 11 September 2008 15:44, Rich Megginson wrote:
>
>>> So I'm wondering if I need to somehow reinit some of the encryption keys?
>>> Or maybe I missed a step for replacing a Server-Cert? But from the docs
>>> it looks like a straightforward turn off fds, remove old cert,
>>> create/import new cert (with same name), restart fds.
>>>
>> Unfortunately, those keys were encrypted with the old key/cert. But as
>> long as you don't want to use reversible attribute encryption, you can
>> ignore those messages.
>>
>
> For the sake of argument and potential future issues (I don't know enough
> about how the whole encryption system works unfortunately), let's say I did
> want to use reversible attribute encryption :)
>

I think reversible attribute encryption creates some config entries under the parent database entry in dse.ldif (cn=config) - I think you just have to remove those entries. Of course, if you do this, and you have used reversible attribute encryption, your encrypted attribute values will be lost forever.

> Ryan