On 23/08/2019 at 16:52, Marc Muehlfeld wrote:
> Instead of using only a self-signed cert, wouldn't it make more sense to
> 1) create your own CA
> 2) create a CSR using certutil (see RHDS docs, section 9.3.2)
> 3) let your CA issue the cert
> 4) import the CA cert (see RHDS docs, section 9.3.3)
> 5) import the server cert (see RHDS docs, section 9.3.4)
> 6) install the CA cert on your clients (not yet in RHDS 10 docs,
>    but I can easily backport the content)
>
> Then clients who trust the CA cert will automatically trust the connection.

I followed your advice to the letter, and things look OK for now. I had to do some RTFM, but once I stumbled over easy-rsa, creating my own CA and using it to sign the certificate was relatively easy.

By the way: kudos to the clear and concise Red Hat documentation.

Cheers,

Niki

--
Microlinux - Sustainable IT solutions
7, place de l'église - 30730 Montpezat
Site: https://www.microlinux.fr
Mail: info@xxxxxxxxxxxxx
Tel.: 04 66 63 10 32
Mob.: 06 51 80 12 12
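
The trust model behind the quoted steps, as an added example that is not part of the original message or of the RHDS documentation: it uses the `openssl` CLI in place of certutil or easy-rsa, and shows a client that holds only the CA cert accepting the CA-issued server cert while rejecting a self-signed one. The CA name, the host name `ldap.example.test` and all file names are constructed placeholders.

```bash
#!/usr/bin/env bash
# Added example: throwaway private CA, CA-issued server cert, client-side check.
# openssl stands in for certutil/easy-rsa; all names are constructed placeholders.

make_pki() {   # $1 = empty working directory
    local d=$1
    cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    # 1) own CA: private key plus self-signed CA certificate
    openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Private CA" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null || return 1
    # 2) server key and CSR (the step the quoted procedure does with certutil)
    openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=ldap.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # 3) the CA issues the server cert, with the host name as a SAN
    printf 'subjectAltName=DNS:ldap.example.test\n' > "$d/san.ext"
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 90 -extfile "$d/san.ext" \
        -out "$d/server.crt" 2>/dev/null || return 1
    # Contrast case: a self-signed cert for the same host, unknown to the CA
    openssl req -x509 -config "$d/pki.cnf" -newkey rsa:2048 -nodes -days 90 \
        -subj "/CN=ldap.example.test" \
        -keyout "$d/self.key" -out "$d/self.crt" 2>/dev/null || return 1
}

# 6) what a client holding only the CA cert decides: $1 = CA file, $2 = cert, $3 = host
client_trusts() {
    openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

demo() {
    local d; d=$(mktemp -d) || return 1
    make_pki "$d" || { rm -rf "$d"; return 1; }
    client_trusts "$d/ca.crt" "$d/server.crt" ldap.example.test && echo "CA-issued cert: trusted"
    client_trusts "$d/ca.crt" "$d/self.crt" ldap.example.test || echo "self-signed cert: rejected"
    rm -rf "$d"
}
demo
```

Only `ca.crt` is distributed to clients; `ca.key` stays on the machine that issues certificates.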