Re: adding ssl from the FMC

McManus, Thomas wrote:

I've been trying for the last 2 days to set up SSL on FDS without any luck and little feedback. Following the Red Hat Directory Server 8.0 Administration Guide, Chapter 11, I've tried to install a local certificate both through the console and at the command line using certutil.

What platform? What version of fedora ds? rpm -qi fedora-ds-base

From the console going through every step. In step 2 the DN is:

CN="ldap1.chip.org", OU="CHIP", O="Childrens Hospital Boston", L="Boston", ST="Massachusetts", C="US"

In step 3 I get:

Unable to convert DN to certificate name.

This is a known console problem - try omitting the double quotes - you should not need them

Using the certutil these commands worked:

certutil -N -d . -f pwdfile -P slapd-ldap1
certutil -S -n "CA certificate" -s "cn=Childrens Hospital Informatics Program, dc=chip, dc=org" -x -t "CT,," -m 1000 -v 120 -d . -k rsa -g 1024 -f pwdfile -P slapd-ldap1
certutil -S -n "Server-Cert" -s "cn=ldap1.chip.org,cn=DS1" -c "CA certificate" -t "u,u,u" -m 1001 -v 120 -d . -k rsa -g 1024 -f ./pwdfile -P slapd-ldap1
certutil -d . -L -n "CA certificate" -a > cacert.asc -P slapd-ldap1

Why are you specifying -P? You should not need to do that anymore. Where in the instructions does it say to do that?

Using the pk12util failed

pk12util -d . -o ldap1.p12 -n Server-Cert1 -w ./pwdfile.txt -k ./pwdfile.txt

The error is:

pk12util: find user certs from nickname failed: security library: bad database.

You are missing the -P

I've run these 2 programs multiple times and googled to no avail. Could anyone help with this?

Tom McManus

System Manager II

Research Computing

Children’s Hospital Boston

300 Longfellow Ave., Enders 146.1

Boston MA 02115

Office: 617 919 2308

Mobile: 617 997 2665

------------------------------------------------------------------------

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users

