Prashanth Sundaram wrote:
There is a bug in the script - it doesn't add all of the flags to the CA cert to make it show up as a CA cert in the console. But it really is a CA cert and you can use it as a CA cert.Rich,The script that you directed me to, it installs the CA cert in the server cert tab when I check in console.
I tried manually adding it but it would still end up along with Directory server-cert.
That's annoying, but it should still work for TLS/SSL just fine.
Right. The script generates the admin server cert in the directory server cert database, then exports it for use in the admin server cert database.Also the admin server-cert shows up here as well.
How do I troubleshoot that? The certs are fine in Admin server, but not in Directory instance.http://directory.fedoraproject.org/wiki/Howto:SSL#ScriptAnother question: Since I am going to have two ldap servers and VIPs, can I just specify the DNS host names with the certificate like add certutil –S.... –8 ldap.foo1.com.ldap.foo2.com within the script, saving extra work?
Sure - feel free to hack the script as you need to.
Thanks for your help!! ------------------------------------------------------------------------ -- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
<<attachment: smime.p7s>>
-- 389 users mailing list 389-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
