> I'm no expert but it looks to me like it is expecting a certificate, not > a PKCS#12 file. The man page isn't exactly clear on what types are > acceptable but based on the certutil error it looks like it only accepts > PEM files. It isn't at all clear to me how one passes in the private key > or a chain of trust. this https://directory.fedoraproject.org/docs/389ds/howto/howto-ssl-archive.html#importing-an-existing-self-sign-keycert-or-3rd-party-cacert flops back-n-forth 'tween 'pk12util' & 'certutil usage, and manages to completely avoid any mention of dsconf (which appears to use certutil), so ... ... i'll join the confusion! that said, it _seems_ clear that the .p12 _is_ needed, since there's no other key input mechanism. it'd certainly be easier it dsconf simply allowed spec'n of ca_cert cert key in pem formats without the p12 'hoops' ... _______________________________________________ 389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
