Craig White wrote:
They have to be in the file called slapd-name-cert8.db - it won't find them if they are in cert8.db.

On Thu, 2005-12-08 at 13:27 -0700, Richard Megginson wrote:
Craig White wrote:
On Thu, 2005-12-08 at 13:00 -0700, Richard Megginson wrote:
Craig White wrote:
Trying to follow instructions at http://www.redhat.com/docs/manuals/dir-server/ag/7.1/ssl.html#1087158

Step #8 Copy the key3.db and cert8.db you created to the default databases created at Directory Server installation:

where is this 'default databases'? /opt/fedora-ds/slapd-srv1/ ? # srv1 is name of my server

/opt/fedora-ds/alias/slapd-srv1-key3.db
/opt/fedora-ds/alias/slapd-srv1-cert8.db

----
OK - well that was where I created them...

# ls -l /opt/fedora-ds/alias/
total 520
-rw------- 1 nobody nobody  65536 Dec  8 12:55 admin-serv-srv1-cert8.db
-rw------- 1 nobody nobody  16384 Dec  8 12:55 admin-serv-srv1-key3.db
-rw------- 1 root   root    65536 Dec  8 11:18 cert8.db
-rw------- 1 root   root     2644 Dec  8 11:18 cert.pk12
-rw------- 1 root   root    16384 Dec  8 11:18 key3.db
-rwxr-xr-x 1 root   nobody 194880 Nov 29 15:06 libnssckbi.so
-rw-r--r-- 1 root   root       55 Dec  8 11:09 noise.txt
-rw------- 1 root   root        9 Dec  8 11:09 pwdfile.txt
-rw------- 1 nobody nobody  16384 Dec  6 08:46 secmod.db
-rw------- 1 nobody nobody  65536 Dec  8 10:55 slapd-srv1-cert8.db
-rw------- 1 nobody nobody  16384 Dec  8 10:55 slapd-srv1-key3.db

I didn't see them listed anywhere in the console.

Didn't see what listed anywhere in the console?

----
the certificates that I generated using certutil. I never could find evidence of them in any console.
The files listed above I am certain were generated by openssl creation of the CA certificate and using that to sign the requests from the Server Certs portions of the Administration and Directory Consoles - and 'installing' them in the console...because of the time signatures. ----
I think the directions mean "copy your new key3.db over slapd-srv1-key3.db and copy your new cert8.db over slapd-srv1-cert8.db". When you do this, make sure slapd isn't running, and make sure you retain the old ownership and permissions of those files (e.g. nobody:nobody and 0600). Slapd (uid nobody) has to open those files in read-write mode.

----
it would appear that having the above contents of /opt/fedora-ds/alias and the db files chmod 600 nobody:nobody as per above - that even though I generated them ultimately with openssl and not certutil and they are listed in both Administration and Directory consoles in both CA Certs and Server Certs that I am good to go to next step.
Ok.
Thanks Craig
--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
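The copy step discussed in the thread, as an added example that is not part of the original messages or of Fedora Directory Server: it replaces an instance-named NSS database with a new one while retaining the existing file's owner, group and mode, and refuses to run while the server is up. The function names, the `SLAPD_PROC` variable and the process name `ns-slapd` are assumptions of this example, as is GNU `stat`.

```shell
#!/bin/sh
# Added example: install a new NSS database over the instance-named one,
# retaining the existing file's owner, group and mode.
# Assumptions: GNU stat; the server process is named ns-slapd.

SLAPD_PROC="${SLAPD_PROC:-ns-slapd}"   # assumed process name; override if different

# install_nss_db NEW_DB EXISTING_DB
install_nss_db() {
    src=$1 dst=$2
    [ -f "$src" ] || { echo "missing source: $src" >&2; return 1; }
    [ -f "$dst" ] || { echo "missing target: $dst" >&2; return 1; }

    # The thread's advice: do not swap the files while slapd is running.
    if pgrep -x "$SLAPD_PROC" >/dev/null 2>&1; then
        echo "$SLAPD_PROC is running; stop it first" >&2
        return 2
    fi

    # Record what the server's existing file looks like before replacing it.
    owner=$(stat -c '%u:%g' "$dst") || return 1
    mode=$(stat -c '%a' "$dst") || return 1

    # Stage next to the target so the final mv is a rename on the same filesystem.
    tmp=$(mktemp "$dst.XXXXXX") || return 1
    cp "$src" "$tmp" && chown "$owner" "$tmp" && chmod "$mode" "$tmp" \
        && mv -f "$tmp" "$dst" || { rm -f "$tmp"; return 1; }
}

# check_nss_db FILE OWNER:GROUP MODE -> returns 0 if the file matches
check_nss_db() {
    [ "$(stat -c '%U:%G' "$1")" = "$2" ] && [ "$(stat -c '%a' "$1")" = "$3" ]
}

# Usage on the layout from the thread (run as root, server stopped):
#   install_nss_db /opt/fedora-ds/alias/key3.db  /opt/fedora-ds/alias/slapd-srv1-key3.db
#   install_nss_db /opt/fedora-ds/alias/cert8.db /opt/fedora-ds/alias/slapd-srv1-cert8.db
#   check_nss_db /opt/fedora-ds/alias/slapd-srv1-cert8.db nobody:nobody 600
```

Because the new file is staged with `mktemp` (mode 0600) and only renamed into place after `chown` and `chmod` succeed, the private key database is never readable by other users during the swap.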