Re: Command line to request certificate

Prashanth Sundaram wrote:
All,

I know I am being a bummer here, but I am running into problems now and then. The reason is I am trying to script out the FDS deployment.

Here are my questions:

   1. What is the command line equivalent of requesting a server
      certificate for Admin Server and Directory server? The console
      works fine.

         I am using openssl to generate certificates in x509 format.

There is a script which creates a self-signed CA cert, then uses that CA to create server certs, using the certutil and pk12util command line tools. Have you seen this? http://directory.fedoraproject.org/wiki/Howto:SSL#Script

2. In order to set up subsequent FDS servers, I should copy /etc/dirsrv ; /usr/lib/dirsrv/ ; /var/lib/dirsrv to the other hosts. Is this correct?
No.
And run register-ds-admin.pl
No.

You should not copy anything. You should simply run setup-ds-admin.pl on each machine. If you want to use a centralized console, that is, if you want to be able to see all of your servers no matter where you run the console, then you should select the option to use an existing configuration directory server on each server (other than the first one, of course).

Have you read the Install Guide? http://www.redhat.com/docs/manuals/dir-server/8.1/install/index.html

3. If I do as in 2, I am not sure if the certificates will cause issues. Also I am using ldap.domain.com as the server identifier and mapping a virtual IP for load balancing purposes. I read that the server name should be the same as the hostname, but I am using a DNS record of ldap.domain.com. Will it cause any issues?
Yes. You will probably want to use subjectAltName in your directory server certificates. See http://directory.fedoraproject.org/wiki/Howto:SSL#Using_Subject_Alt_Name

Thanks,
Prashanth




------------------------------------------------------------------------

--
389 users mailing list
389-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
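
As an added illustration of the subjectAltName point in the reply above (not part of the original thread, and not the Howto:SSL script): a pre-deployment check that a server certificate covers both the load-balanced name and the machine's own hostname. The function names, the replica hostname `ds1.domain.com`, and the sample certificates are constructed; the dict layout mirrors Python's `ssl.SSLSocket.getpeercert()`, and the matching rule assumes clients that follow RFC 2818/6125.

```python
# Added example: constructed certificate data, hypothetical replica host name.

def _name_match(pattern, name):
    """Match a DNS name against a certificate name; '*' only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == n[1:]
    return p == n


def names_in_cert(cert):
    """DNS identities a verifying client will consider.

    If any dNSName subjectAltName is present, the subject CN is ignored
    (RFC 2818 section 3.1), so a SAN list must name every host explicitly.
    """
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]


def uncovered_names(cert, required):
    """Names from `required` that the certificate does not cover."""
    presented = names_in_cert(cert)
    return [r for r in required if not any(_name_match(p, r) for p in presented)]


# Constructed samples: the same server with three different certificates.
_SUBJECT = ((("commonName", "ds1.domain.com"),),)
CN_ONLY = {"subject": _SUBJECT}
SAN_VIP_ONLY = {"subject": _SUBJECT, "subjectAltName": (("DNS", "ldap.domain.com"),)}
SAN_BOTH = {"subject": _SUBJECT,
            "subjectAltName": (("DNS", "ldap.domain.com"), ("DNS", "ds1.domain.com"))}

# Clients use the virtual name; replication and the console use the real one.
REQUIRED = ["ldap.domain.com", "ds1.domain.com"]

if __name__ == "__main__":
    for label, cert in (("CN only", CN_ONLY), ("SAN with VIP name only", SAN_VIP_ONLY),
                        ("SAN with both names", SAN_BOTH)):
        print(f"{label}: {uncovered_names(cert, REQUIRED) or 'all names covered'}")
```

The middle case is the one that tends to surprise: once a SAN is added for the virtual name alone, strict clients stop accepting the real hostname from the CN.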
