[389-users] Command line to request certificate

Prashanth Sundaram wrote:
> All,
>
> I know I am being a bummer here, but I am running into problems now 
> and then. The reason is I am trying to script out the FDS deployment.
>
> Here are my questions:
>
>    1. What is the command line equivalent of requesting a server
>       certificate for Admin Server and Directory server? The console
>       works fine.
>
>          I am using openssl to generate certificates in x509 format.
There is a script which creates a self-signed CA cert, then uses that CA 
to create server certs, using the certutil and pk12util command line 
tools.  Have you seen this? 
http://directory.fedoraproject.org/wiki/Howto:SSL#Script
>
>      2.  In order to set up subsequent FDS servers, I should copy 
> /etc/dirsrv ;  /usr/lib/dirsrv /  ;  /var/lib/dirsrv   to the other 
> hosts.  Is this correct?
No.
> And Run register-ds-admin.pl
No.

You should not copy anything.  You should simply run setup-ds-admin.pl 
on each machine.  If you want to use a centralized console, that is, if 
you want to be able to see all of your servers no matter where you run 
the console, then you should select the option to use an existing 
configuration directory server on each server (other than the first one, 
of course).

Have you read the Install Guide? 
http://www.redhat.com/docs/manuals/dir-server/8.1/install/index.html
>
>      3. If I do as in 2.  Not sure if the certificates will cause 
> issues. Also I am using ldap.domain.com as server identifier and 
> mapping a virtual IP for load balancing purpose. I read that server 
> name should be same as hostname, but I am using a DNS record of 
> ldap.domain.com. Will it cause any issues?
Yes.  You will probably want to use subjectAltName in your directory 
server certificates.  See 
http://directory.fedoraproject.org/wiki/Howto:SSL#Using_Subject_Alt_Name
>
> Thanks,
> Prashanth
>
>
>
>
> ------------------------------------------------------------------------
>
> --
> 389 users mailing list
> 389-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>   
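
The subjectAltName advice above, worked through with openssl (the tool the original poster mentions) rather than the certutil script the reply links to. This is an added example, not part of the original thread or the project's own script; host1.domain.com, the CA subject and all file names are assumed placeholders.

```sh
#!/bin/sh
# Added example: CA plus server certificate carrying subjectAltName entries.
# Host names, CA subject and file names are constructed placeholders.
set -eu
umask 077   # private keys must not be group/world readable

# make_ca DIR: self-signed CA key and certificate in DIR.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Directory CA" \
        -keyout "$1/ca.key" -out "$1/ca.crt"
}

# issue_server_cert DIR HOST_FQDN [EXTRA_DNS_NAME...]
# CN is the host's own FQDN; the FQDN and every extra name (for example the
# load-balanced service name) are written into subjectAltName.
issue_server_cert() {
    dir=$1; fqdn=$2; shift 2
    san="DNS:$fqdn"
    for name in "$@"; do san="$san,DNS:$name"; done
    printf 'subjectAltName=%s\n' "$san" > "$dir/$fqdn.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$fqdn" \
        -keyout "$dir/$fqdn.key" -out "$dir/$fqdn.csr"
    openssl x509 -req -in "$dir/$fqdn.csr" -days 365 \
        -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
        -extfile "$dir/$fqdn.ext" -out "$dir/$fqdn.crt"
}

# cert_matches CERT NAME: true only if NAME passes openssl's host-name check.
cert_matches() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match'
}

# Demo: ./san-cert.sh demo  (writes into a fresh temporary directory)
if [ "${1:-}" = "demo" ]; then
    out=$(mktemp -d)
    make_ca "$out"
    issue_server_cert "$out" host1.domain.com ldap.domain.com
    for n in ldap.domain.com host1.domain.com host2.domain.com; do
        if cert_matches "$out/host1.domain.com.crt" "$n"; then r=ok; else r=MISMATCH; fi
        echo "$n: $r"
    done
fi
```

The host's own FQDN is repeated in subjectAltName because verifiers that follow RFC 6125, including openssl's `-checkhost`, ignore the CN once a DNS subjectAltName is present. For the directory server's NSS database, the key and certificate would still have to be bundled as PKCS#12 and imported with pk12util.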
