Prashanth Sundaram wrote: > Rich, > > The script that you directed me to, it installs the CA cert in the > server cert tab when I check in console. There is a bug in the script - it doesn't add all of the flags to the CA cert to make it show up as a CA cert in the console. But it really is a CA cert and you can use it as a CA cert. > I tried manually adding it but it would still end up along with > Directory server-cert. That's annoying, but it should still work for TLS/SSL just fine. > Also the admin server-cert shows up here as well. Right. The script generates the admin server cert in the directory server cert database, then exports it for use in the admin server cert database. > > How do I troubleshoot that? The certs are fine in Admin server, but > not in Directory instance. > > http://directory.fedoraproject.org/wiki/Howto:SSL#Script > > Another question: Since I am going to have two ldap servers and VIPs, > can I just specify the DNS host names with the certificate like add > certutil ?S.... ?8 ldap.foo1.com.ldap.foo2.com within the script, > saving extra work? Sure - feel free to hack the script as you need to. > > Thanks for your help!! > ------------------------------------------------------------------------ > > -- > 389 users mailing list > 389-users at redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users > -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3258 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.fedoraproject.org/pipermail/389-users/attachments/20090812/daded16c/attachment.bin
