Re: [389-users] advice on ssl cert rotation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Christopher Wood wrote:
> You can use certutil to manually modify the cert stores. If you installed via rpm this will already be on your systems.
>
> Not at my work systems so I don't recall which package it's in.

nss-tools.

Do you already have the new certificate? If you have it in PKCS#12 
format then you can use pk12util to load it into the appropriate NSS 
database (I'm not sure where the admin server db is, you should be able 
to find it in the admin server configuration).

If you have an updated certificate in the 389-ds NSS database under a 
different nickname and you just need to tell it to use the new one you 
can edit /etc/dirsrv/slapd-INSTANCE/dse.ldif and tell it the nickname to 
use. Look for nsSSLPersonalitySSL

rob

> On Tue, Mar 01, 2011 at 07:27:53PM -0800, jon heise wrote:
>>     Recently i had ssl certs expire on my directory servers, currently i have
>>     one running without using an ssl cert, the secondary server is still set
>>     to use the old cert and as such it is not functioning.ï On the primary
>>     server the admin server has been set to use a new self signed cert but we
>>     are locked out of that.ï Is there a way to change what cert the ldap
>>     server will load without the use of the admin server ?
>
>> --
>> 389 users mailing list
>> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users



[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux