Re: [389-users] HOW TO INSTALL NEW INTERMEDIATE CA CERTIFICATES ON 389 DS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 01/25/2011 06:08 PM, Tim Weichel wrote:

All,

I have installed 389 servers and in the process of requesting new 4 year SSL certificates for my servers. To do so Verisign is only accepting 2048-bit and higher CSR’s only for 3 year certificates.

No problem I manually created a new CSR with 2048 bits using openssl, received my new cert from verisign and have installed it successfully.

 

Now that I have the new cert installed and SSL configured and my pin.txt file in place I find that upon start-up of the directory service the certificate will not properly verify and the startup fails.

 

Based on the VeriSign advisory AD220 (https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AD220)

It appears that I need to update the directory servers VeriSign intermediate certificates in order to properly validate my new 2048 cert upon startup.

My new certificate came with the notice also as follows: In order for your VeriSign SSL Certificate to function properly, NEW Primary and Secondary VeriSign Intermediate CA Certificates must be installed.

 

So has anyone actually updated or installed the new primary and secondary intermediate CA certificates.

The usual methods of certutil command and the Management Console wizard have all failed to install the provided intermediate CA bundle provided by VeriSign.

What exactly did you try and how exactly did it fail?  Please provide the exact certutil command line arguments.

Also I am not running Apache, I only have the 389 Management Console serving web for the servers.

 

Thanks appreciate your assistance. Love the list server you guys ROCK!.........................Tim

 

-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux