Chavez, James R. wrote:
Rich , Thanks again, Do I email the log to the entire list?
No
Or can I shoot it to you?
Yes - or just paste it to fpaste.org and email the link
Thank youJames-----Original Message-----From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx] Sent: Wednesday, January 28, 2009 4:03 PMTo: Chavez, James R. Cc: General discussion list for the Fedora Directory server project. Subject: Re: Proper way to generate a server certificate. Chavez, James R. wrote:Rich, Thank you again.The GUI console will not allow me to get past the 3rd screen where it asks for a password to the internal software store..I enter the correct password and it just sits there. I know the pass is correct because from the command line the same pass works to access the store. It will not go past. I have done this on various machines and it is the same result. Is there some kind of bug or needed software I need to have this function. All boxes are running.Try running fedora-idm-console -D 9 -f console.log email me the console.log also check the admin server error log - /var/log/dirsrv/admin-serv/errorFedora 9 and fedora-ds version 1.1.1 Release 3.fc9 Also, I sent a cert request (CSR) to the needed Novell CA and had themsign it and return it. I successfully imported it.The server cert I imported shows as having a broken chain on the certification path tab. And issued by null. I am assuming this is due to not having imported the CA cert thatissuedthis cert yet..Is that a valid assumption?Yes.Do I need the CA certificate in order to properly use this server cert that was generated?Yes.Thank you James -----Original Message-----From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx] Sent: Wednesday, January 28, 2009 3:21 PMTo: Chavez, James R. Cc: General discussion list for the Fedora Directory server project. Subject: Re: Proper way to generate a server certificate. Chavez, James R. wrote:Mr. Rich, you responded!! Thank youThing is I generate a certificate request but am having issues importing it... I generate a key and cert with.. "openssl genrsa -des3 -out server.key 2048" for the key "openssl req -new -key server.key -out server.csr"I send it to the Novell Admin and sends back a server.b64 file.I try and import it through the gui as a server cert and it fails saying that." Either the certificate is for another server or the certificate wasnot requested using this server and the selected security device "internal (software)""I can import it as a CA cert but it shows as a broken chain and it issupposed to be server cert anyway. Any ideas on how to properly import this base 64 signed cert? Perhaps certutil or openssl commands?If you are going to generate a server cert request, and you are goingtouse the GUI, you should just use the GUI to generate the server cert request. Then you can submit that request to your CA and have it generate the server cert, then you can use the GUI again to installyournew server cert. You will also need to install the CA cert using the Fedora DS console GUI.Thank You James Openssl -----Original Message----- From: Rich Megginson [mailto:rmeggins@xxxxxxxxxx] Sent: Wednesday, January 28, 2009 1:48 PM To: Chavez, James R.; General discussion list for the FedoraDirectoryserver project. Subject: Re: Proper way to generate a servercertificate. James Chavez wrote:Hello List,I am trying to setup SSL between an AD or edir box and my FDS box. I want to generate a server cert for the AD or edir box and importitinto edir/AD and import the CA cert into AD/edir as well. What commands do i use to accomplish this. Also what format does the cert need to be to successfully importintoAD or edir. I have generated a self signed CA cert named "FDS CA"exported with certutil -L -d . -n "FDS CA" -a > ca.asc andcertutil -L -d . -n "FDS CA" -r > ca.der I have generated a server cert for the AD/edir box with certutil -S -n "server-Cert" -s "cn=host.example.com" -c "FDS CA"-t"u,u,u" -m 3002 -v 120 -d . -z ./noise.txt -f ./pwdfile.txt And exported it with.. pk12util -d . -o /tmp/server-cert.p12 -n "server-Cert" I then send the CA cert in ascii and .der format along with theserver-cert.p12 to the admin but he gets errors below trying to importI'm not sure, but why not just use Novell Certificate Server to generate all of your server certs?into edir.Need help on this one please. ..-1240 FFFFFB28 PKI E PARSE CERTIFICATESource Novell(r) Certificate Server Explanation Novell Certificate Server was unable to parse a certificate that hasbeen stored or is being stored. Possible Cause The user attempted to store a certificate or a certificate chainwithan invalid encoding into a Server Certificate object. Thecertificateor certificate chain obtained from the Certificate Authority isinvalid.Action Perform the following operations:* Contact the Certificate Authority that issued the server certificate to obtain the Certificate Authority's certificate.* Using ConsoleOne(r), view the Server Certificate object. ClickImport.* Import the Certificate Authority's certificate as the trusted root.* Import the server's certificate as the object certificate. If the problem persists, contact the Certificate Authority. Any body out there can help out please. Thanks James CONFIDENTIALITY This e-mail message and any attachments thereto, is intended onlyforuse by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If youhave received this e-mail message in error, please immediately notifythe sender and permanently delete the original and any copies of thisemail and any prints thereof.IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any otherABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAILlaw of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended tobind the sender, Sanmina-SCI Corporation (or any of itssubsidiaries),or any other person or entity.-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-usersCONFIDENTIALITY This e-mail message and any attachments thereto, is intended only foruse by the addressee(s) named herein and may contain legallyprivilegedand/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that anydissemination,distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any printsthereof.ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAILIS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement tothecontrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer oracceptanceto enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only foruse by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof.ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAILIS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.CONFIDENTIALITY This e-mail message and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain legally privileged and/or confidential information. If you are not the intended recipient of this e-mail message, you are hereby notified that any dissemination, distribution or copying of this e-mail message, and any attachments thereto, is strictly prohibited. If you have received this e-mail message in error, please immediately notify the sender and permanently delete the original and any copies of this email and any prints thereof. ABSENT AN EXPRESS STATEMENT TO THE CONTRARY HEREINABOVE, THIS E-MAIL IS NOT INTENDED AS A SUBSTITUTE FOR A WRITING. Notwithstanding the Uniform Electronic Transactions Act or the applicability of any other law of similar substance and effect, absent an express statement to the contrary hereinabove, this e-mail message its contents, and any attachments hereto are not intended to represent an offer or acceptance to enter into a contract and are not otherwise intended to bind the sender, Sanmina-SCI Corporation (or any of its subsidiaries), or any other person or entity.
<<attachment: smime.p7s>>
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
