Re: SSL problem on replication!

Alex wrote:
well, no. The reason why you don't see ssl server cert on nodo2 is because you never created it!


At this point I want to be sure that I understand correctly...I did 5
minutes ago exactly what you say in your previous post...now I have in
window of nodo1 Server-Cert and Ca certificate...so in "Encryption tab" I
checked "enable ssl for this server" and in certificate I used
Server-Cert....at this point, to enable ssl on nodo2 what exactly have I to
do?

-Export Server-Cert on nodo2
-Run the script in nodo2

...I apologize but this is the first time that I use both Fedora DS and
configuring SSL..and IMHO documentation is not very clear about this point!
I'm not sure, but I think what you need to do is to create another key/cert pair to have another Server Cert for your nodo2 directory server. And you are correct, this is not explicit in the documentation.

Note: You should perform these steps using your original key/cert database because you are going to use your original CA key/cert to create a new server key/cert for nodo2.

Step 1: This is the same as step 7 in the SSL HowTo - http://directory.fedora.redhat.com/wiki/Howto:SSL#Basic_Steps (with the caveat to use the FQDN in the cn of the server cert subject DN - in this case, use the FQDN of nodo2). You must use a different name (e.g. Server-Cert-nodo2 or something like that) when creating the cert.

Step 2: The DS on nodo2 needs both the key and cert that you have created, so you will need to export that information as a p12 file, e.g.

../shared/bin/pk12util -d . -P slapd-serverID- -o servercertnodo2.pfx -n Server-Cert-nodo2

Step 3: You need to import this servercertnodo2.pfx file into the key/cert db on nodo2. After copying the file to the /opt/fedora-ds/alias directory on that machine:

../shared/bin/pk12util -d . -P slapd-nodo2- -i servercertnodo2.pfx -n Server-Cert

You must specify the name as Server-Cert here in order to use the default SSL configuration.

Step 4: Import your CA cert into slapd-nodo2 - you may need to copy cacert.asc to nodo2. Then

../shared/bin/certutil -A -d . -P slapd-nodo2- -n "CA certificate" -t "CT,," -a -i cacert.asc


Thanks in advance

Alex

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
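
A check to run after Step 4, added here as an example and not part of the original thread: it reads a `certutil -L` listing of the nodo2 database and confirms that Server-Cert carries the `u` flag (the private key arrived with the p12 import) and that "CA certificate" has the CT trust set in Step 4. The function names `trust_of` and `check_nodo2_db` and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): sanity-check nodo2's cert db listing.
# On nodo2, from /opt/fedora-ds/alias, the listing would come from:
#   ../shared/bin/certutil -L -d . -P slapd-nodo2-

# Constructed sample listings (nickname column, then trust flags).
SAMPLE_OK='Certificate Nickname                Trust Attributes
CA certificate                      CT,,
Server-Cert                         u,u,u'
# Constructed failure case: cert kept its export name, no key, no CA imported.
SAMPLE_BAD='Certificate Nickname                Trust Attributes
Server-Cert-nodo2                   ,,'

# trust_of LISTING NICKNAME: print the trust flags of the exact nickname.
trust_of() {
    printf '%s\n' "$1" | awk -v nick="$2" 'NF >= 2 {
        flags = $NF; name = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # strip the flags column
        sub(/^[ \t]+/, "", name)                # strip leading indent
        if (name == nick) { print flags; exit }
    }'
}

# check_nodo2_db LISTING: print "ok" or one line per problem; status 1 on problems.
check_nodo2_db() {
    rc=0
    server=$(trust_of "$1" "Server-Cert")
    ca=$(trust_of "$1" "CA certificate")
    # "u" in the SSL field means the db also holds the matching private key.
    case ${server%%,*} in
        *u*) ;;
        *) echo "Server-Cert: flags '${server}' lack u (missing, or imported without its key)"; rc=1 ;;
    esac
    # Step 4 sets CT,, so the CA is trusted to issue SSL server and client certs.
    case ${ca%%,*} in
        *C*T*|*T*C*) ;;
        *) echo "CA certificate: flags '${ca}' lack CT (missing, or trust not set)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "ok"
    return "$rc"
}

check_nodo2_db "$SAMPLE_OK"
```

The nickname match is exact, so a certificate imported under its export name (Server-Cert-nodo2) is reported as a missing Server-Cert, which is the name the default SSL configuration looks for.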
