James Chavez wrote:
> Hello List,
>
> I am trying to set up SSL between an AD or edir box and my FDS box.
> I want to generate a server cert for the AD or edir box and import it
> into edir/AD and import the CA cert into AD/edir as well.
>
> What commands do I use to accomplish this?
> Also, what format does the cert need to be to successfully import into AD
> or edir?
>
> I have generated a self-signed CA cert named "FDS CA"
> exported with
> certutil -L -d . -n "FDS CA" -a > ca.asc and
> certutil -L -d . -n "FDS CA" -r > ca.der
>
> I have generated a server cert for the AD/edir box with
>
> certutil -S -n "server-Cert" -s "cn=host.example.com" -c "FDS CA" -t "u,u,u" -m 3002 -v 120 -d . -z ./noise.txt -f ./pwdfile.txt
>
> And exported it with..
> pk12util -d . -o /tmp/server-cert.p12 -n "server-Cert"
>
> I then send the CA cert in ascii and .der format along with the
> server-cert.p12 to the admin but he gets errors below trying to import
> into edir.
> Need help on this one please.
> ..
>
> -1240 FFFFFB28 PKI E PARSE CERTIFICATE
>

I'm not sure, but why not just use Novell Certificate Server to generate all of your server certs?

> Source
>
> Novell(r) Certificate Server
>
> Explanation
>
> Novell Certificate Server was unable to parse a certificate that has
> been stored or is being stored.
>
> Possible Cause
>
> The user attempted to store a certificate or a certificate chain with an
> invalid encoding into a Server Certificate object. The certificate or
> certificate chain obtained from the Certificate Authority is invalid.
>
> Action
>
> Perform the following operations:
>
> * Contact the Certificate Authority that issued the server
>   certificate to obtain the Certificate Authority's certificate.
> * Using ConsoleOne(r), view the Server Certificate object. Click
>   Import.
> * Import the Certificate Authority's certificate as the trusted
>   root.
> * Import the server's certificate as the object certificate.
>
> If the problem persists, contact the Certificate Authority.
>
>
> Anybody out there can help out please.
>
> Thanks
> James
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users