Susan wrote:
It's really just for backup purposes. You can backup your key and cert db files instead.--- Nathan Kinder <nkinder@xxxxxxxxxx> wrote:Dan Lipsitt wrote:Yea. I had to do it so often, that I've scripted it: Put your cert DB password in pwdfile.txt, put some noise in the noise file and run this. I think these may be a little different from the manual, I got the syntax from Rich M. It works though. One thing I don't understand still is the purpose of the pk12util... I run it because the wiki says to run it. No idea what it's for, however.
____________________contents of cert gen script______________[root@cnyldap01 alias]# cat certs.sh #!/bin/sh../shared/bin/certutil -N -d . -f pwdfile.txt ../shared/bin/certutil -G -d . -z noise.txt -f pwdfile.txt ../shared/bin/certutil -S -n "CA certificate" -s "cn=CAcert" -x -t "CT,," -m 1000 -v 120 -d . -z noise.txt -f pwdfile.txt ../shared/bin/certutil -S -n "Server-Cert" -s "cn=server-cert" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -z noise.txt -f pwdfile.txt echo moving key.. mv key3.db slapd-`-hostname -s`-key3.db mv cert8.db slapd-`hostname -s`-cert8.db ln -s slapd-`hostname -s`-key3.db key3.db ln -s slapd-`hostname -s`-cert8.db cert8.db echo pk.. ../shared/bin/pk12util -d . -P slapd-`hostname -s`- -o servercert.pfx -n Server-Cert ____________________end of contents of cert gen script______________ __________________________________________________ Do You Yahoo!?Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
