On 09/23/2011 02:58 PM, Rich Megginson wrote: > On 09/23/2011 02:53 PM, Orion Poplawski wrote: >> On 09/23/2011 01:44 PM, Rich Megginson wrote: >>> On 09/23/2011 01:24 PM, Orion Poplawski wrote: >>>> Does it matter that they aren't >>>> showing up with certutil? >> >>> Yes. >> >> That's what I thought so I used certutil as well. The console then showed >> those entries with the names I gave them with certutil. > So they are showing up in the console but not certutil? Any difference between > certutil -d /etc/dirsrv/slapd-hostname -L > and > certutil -d /etc/dirsrv/admin-serv -L > ? That is, perhaps they were added to the admin server but not the directory > server? Good catch - the ones I added through the console are in admin-serv. I definitely connected to the directory server though and not the admin server. >>> Are these chained to a well-known root CA? If so, you can add those to the >>> directory server CA certs list: >>> http://directory.fedoraproject.org/wiki/Howto:SSL#Viewing_the_list_of_built-in_CA_certs >>> >> >> The top in the bundle is www.valicert.com, for which I haven't had trouble >> with for browsers and the like. I'm not having any luck with linking in the >> library and seeing the root CAs. > so if you link the library, and then do > certutil -d /etc/dirsrv/slapd-hostname -L > you don't see any of those CA certs? Correct. Not with certutil or in 389-console > Try stopping the directory server before using certutil. No help. -- Orion Poplawski Technical Manager 303-415-9701 x222 NWRA/CoRA Division FAX: 303-415-9702 3380 Mitchell Lane orion@xxxxxxxxxxxxx Boulder, CO 80301 http://www.cora.nwra.com -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users