Hi,
On 8/26/19 9:30 AM, Nicolas Kovacs wrote:
Le 23/08/2019 à 16:52, Marc Muehlfeld a écrit :
Instead of using only a self-signed cert, wouldn't it make more sense to
1) create your own CA
2) create a CSR using certutil (see RHDS docs, section 9.3.2)
3) let your CA issue the cert
4) import the CA cert (see RHDS docs, section 9.3.3)
5) import the server cert (see RHDS docs, section 9.3.4)
6) install the CA cert on your clients (not yet in RHDS 10 docs,
but I can easily backport the content)
Then clients who trust the CA cert will automatically trust the connection.
Step 6 is now available in the RHDS 10.4 docs:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/enabling_tls#adding_the_ca_certificate_used_by_directory_server_to_the_trust_store_of_the_operating_system
By the way: kudos to the clear and concise Red Hat documentation.
Thanks. That's good to hear.
Regards,
Marc
--
Marc Muehlfeld (Senior Technical Writer)
Customer Content Services
_______________________________________________________________________________
Red Hat GmbH, Werner-von-Siemens-Ring 14, 85630 Grasbrunn, Germany
http://www.de.redhat.com/, Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Michael O'Neill,
Tom Savage, Eric Shander
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
