Re: How to change certificate options using 389-console ?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Now I can't find the old posting from 389-users from 2009, IIRC, where
Rich said "Don't do that".

But I'm trying it command line now - thanks a bunch, Ryan - and we'll
see.

But as far as I can tell, the 389-console is only going to try and
generate a 1024 bit key, and that's no longer acceptable to Verisign and
others - we can't get a key with less than 2048 bits now.

Is this configurable? It seems it should be?

Thanks,
Addison


On Mon, 2012-05-07 at 12:26 -0600, Groten, Ryan wrote:
> Never knew command line is frowned upon.  I used command line to generate my cert requests as well since the gui can't do things like SAN.  Haven't had any issues generating my certreqs that way.  Once the certificate comes back I use the gui to import.
> 
> -----Original Message-----
> From: 389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:389-users-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Addison Laurent
> Sent: Monday, May 07, 2012 12:13 PM
> To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> Subject:  How to change certificate options using 389-console ?
> 
> I'm trying to add a new server, and will need to use SSL, of course.
> But all the instructions tell how to generate a self-signed CA, but we've got real signed certs on the other servers, and so I'm trying to generate a CSR for the new one.
> 
> 
> Generating one from the 389-console is only giving me a 1024-bit key, and 2048 is required.
> 
> 
> I see that running the cert request from the command line is not the preferred option, but how else can I change the parameters for the cert request?
> 
> 
> Thanks,
> Addison
> 
> 
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
> 
> This communication, including any attached documentation, is intended only for the person or entity to which it is addressed, and may contain confidential, personal and/or privileged information. Any unauthorized disclosure, copying, or taking action on the contents is strictly prohibited. If you have received this message in error, please contact us immediately so we may correct our records. Please then delete or destroy the original transmission and any subsequent reply.
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux