Hi Fernando,
On 8/22/19 5:21 AM, Fernando Fuentes wrote:
Is there a how to for this procedure?
## Convert to PKCS#12:
# openssl pkcs12 -export -out demo.p12 -inkey
pki/private/demo.example.com.key -in pki/issued/demo.example.com.crt
Enter pass phrase for pki/private/demo.example.com.key:
Enter Export Password:
Verifying - Enter Export Password:
# Import to DS NSS DB:
# pk12util -i demo.p12 -d /etc/dirsrv/slapd-instance_name/ -W password
Enter Password or Pin for "NSS Certificate DB":
pk12util: no nickname for cert in PKCS12 file.
pk12util: using nickname: demo.example.com
pk12util: PKCS12 IMPORT SUCCESSFUL
## Display the imported cert:
# certutil -d /etc/dirsrv/slapd-instance_name/ -L
Certificate Nickname Trust
Attributes
SSL,S/MIME,JAR/XPI
demo.example.com u,u,u
## Display the imported private key:
# certutil -d /etc/dirsrv/slapd-instance_name/ -K
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private
Key and Certificate Services"
Enter Password or Pin for "NSS Certificate DB":
< 0> rsa ec30598b2107c71dd69494d51d7de6ef0e57ffbe demo.example.com
Please let me know if it works, and DS does not complain about it when
you use the key/cert.
Regards,
Marc
--
Marc Muehlfeld (Senior Technical Writer)
Customer Content Services
_______________________________________________________________________________
Red Hat GmbH, Werner-von-Siemens-Ring 14, 85630 Grasbrunn, Germany
http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael O'Neill,
Tom Savage, Eric Shander
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx