Re: Certificate between 389DS and Active Directory

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 03/27/2013 08:46 AM, Grzegorz Dwornicki wrote:

I had missunderstood you im this case. No you don't need to create second CA. But you must generate cert for DS on AD CA. Then you need to import this cert with AD CA cert on DS


You don't have to use AD CA to generate the 389DS server cert.  You can, and it may be the best way to do it.

Greg.

27 mar 2013 15:41, "alexandre" <axel0felix@xxxxxxxxx> napisał(a):
I'm really impressed by the reactivity of this list !!!

Sorry my understanding is not perfect because i'm french, so I don't have any CA in my DS, I have one CA (installed on my domain controller).

Do I need to install a CA in my DS ? (when I write CA for me it means a Authority).


Alex


2013/3/27 Grzegorz Dwornicki <gd1100@xxxxxxxxx>

If you have diferent CA in AD vs DS then you need to do this import.

AD by default don't use LDAPS or STARTSSL soo you need to install ms cert CA stuff.

Greg.

27 mar 2013 15:07, "alexandre" <axel0felix@xxxxxxxxx> napisał(a):
Everything works fine, except I don't understand right this line:

"Import the CA certificate from Directory Server into Active Directory. Click Trusted Root CA, then Import, and browse for the Directory Server CA certificate."

For me CA certificate, it's a certificate from the Authority, so in my Active Directory the certificate from the authority is already know in the Trusted Root CA.

So, do I need to import 389DS server certificate in my active directory ?

And finally, there is no indication to do that, someone can help me to pass through ?

Thanks in advance.

Best regards,
Alex

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux