On Mon, May 7, 2012 at 11:42 PM, Addison Laurent <alaurent@xxxxxxxxxxxx> wrote:
I'm trying to add a new server, and will need to use SSL, of course.
But all the instructions tell how to generate a self-signed CA, but
we've got real signed certs on the other servers, and so I'm trying to
generate a CSR for the new one.
Generating one from the 389-console is only giving me a 1024-bit key,
and 2048 is required.
I see that running the cert request from the command line is not the
preferred option, but how else can I change the parameters for the cert
request?
In order to generate a 2048-bit ASCII certificate request, certain options must be specified as seen in the example below:
# certutil -R -d /database/directory/ -s "cn=myhost.example.com,dc=myorg,dc=com" -a -g 2048
Where:
-R - Specifies that a certificate request file be generated
-d - Specifies the database directory
-s - Specifies the subject
-a - Specifies the use of ASCII format
-g - Specifies the keysize
After successful creation, the request can be sent to the certificate authority for signing.
Arpit Tolani
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
