Re: Setting a self ssl certificate

Steven Jones wrote:
The Fedora ssl document talks about replacing instruction 7.
with its own, OK

But, do I then carry on following the RDS document? ie do 8. and 9. and
if so is the syntax for 9. correct? Eg,
".....9. Run pk12util to convert the certificate database to pkcs12 format, so it is accessible by the Directory Server:
/serverRoot/shared/bin/pk12util -d . -o cert.pk12 -n Server-Cert

......."
Yes. This is correct. However, this step is not really necessary; it's only used to back up your newly generated private key material in a portable format. This step is not needed in order to activate SSL in the server.

The setupssl.sh script http://directory.fedoraproject.org/wiki/Howto:SSL#Script
does this:
pk12util -d $secdir $prefixarg -o $secdir/adminserver.p12 -n server-cert -w $secdir/pwdfile.txt -k $secdir/pwdfile.txt

There are two passwords. -w is the password used to encrypt the key material in the pk12 file. -k is the password for your key database, from where the private key is extracted. So you could do something like this (assuming you created a file pwdfile.txt with your password):
pk12util -d . -o cert.pk12 -n Server-Cert -w pwdfile.txt -k pwdfile.txt
This also assumes you use the same password for your key database as to encrypt your pk12 file.


Or is this bit missing from the RDS howto command as well?

"-P slapd-serverID-"

Then do I follow on with the fedora doc?
You can use or omit the -P slapd-serverID-
Step 8 does this:
mv key3.db slapd-server-key3.db
mv cert8.db slapd-server-cert8.db
ln -s slapd-server-key3.db key3.db
ln -s slapd-server-cert8.db cert8.db

So you have both cert8.db and slapd-server-cert8.db which refer to the same file. So you can specify -P or omit it, it should not matter.
regards

Steven Jones
Senior  Linux/Unix/San/Vmware System Administrator
APG -Technology Integration Team
Victoria University of Wellington
Phone: +64 4 463 6272


--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
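
The export discussed in this thread, wrapped with two checks, as an added example that is not part of the original messages. The function names is_private and export_server_cert are hypothetical; the pk12util options are the ones quoted above. Both pwdfile.txt and the resulting .p12 protect the server's private key, so the wrapper refuses a password file that group or others can read and creates the .p12 owner-only.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds only if the file exists and grants no group/other permissions.
is_private() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)   # group+other bits of e.g. -rw-------
    [ "$perms" = "------" ]
}

# export_server_cert SECDIR NICKNAME OUTFILE PWFILE
# Returns 2 if the password file is readable by group/others, 3 if pk12util
# is not installed, otherwise pk12util's own exit status.
export_server_cert() {
    secdir=$1 nick=$2 out=$3 pwfile=$4
    if ! is_private "$pwfile"; then
        echo "refusing: $pwfile must be owner-only (it unlocks the key database)" >&2
        return 2
    fi
    command -v pk12util >/dev/null 2>&1 || { echo "pk12util not found" >&2; return 3; }
    (
        umask 077    # the .p12 holds the private key: create it owner-only
        # -k: password file for the key database
        # -w: password file used to encrypt the .p12
        pk12util -d "$secdir" -o "$out" -n "$nick" -k "$pwfile" -w "$pwfile"
    )
}

# Usage, matching the command in the thread:
#   chmod 600 pwdfile.txt
#   export_server_cert . Server-Cert cert.pk12 pwdfile.txt
```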
