First you should check what certificates names you have in certutil database. In slapd directory type:
certutil -d . -L
this should show you all certificates in database (server certificates aswell). Usualy CA certs are named soo you could recognize them.
Now you need to chose the CA certificate from the list and use it in this command:
certutil -d . -L -n "THE_NAME_OF_YOU_CA_CERT_HERE" -a > /root/ds-ca.crt
I did not use much 389 but i think this should work on 389 as well as on el5 distros where I've tested this way of exporting certs.
Rest of atricle should be clear now. Remember to enable ssl/tls or starttls on 389.
Good luck
Grzegorz
2012/7/27 fosiul alam <expertalert@xxxxxxxxx>
HI i have installed ssl certificate from bellow script
https://github.com/richm/scripts/blob/master/setupssl2.sh
it went fine.
but I dont understand, how will i create Certificate file for the clients.
according to documentation :http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients
i need to expoert CA cert from ASCII which is
cacert.asc , but dont understand how will i do that
I have cacert.asc in /etc/dirsrv/slapd-instance directory
but dont know how to export cert file into client/etc/openldap/cacerts/I am trying this from last couple of day.
can any one please help me .
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
