hi i try to enable ssl with redhat documentation i use certutil to generate certificate i store in /opt/fedora-ds/slapd_myserver/alias but when in the console i check enable ssl and use cipher family rsa i don t see my certificate i use wiki fedora and do what they say but with same result i have attribute nscertfile and nscertfile in cn=encryption,cn=config with path to slapd-myserver-cert8.db and slapd-myserver-key3.db what do i forget to do ? thanks basile
i now can ldapsearch with -ZZ but still cant see my certificate in encryption tab in server console i don t understand exactly what it means basile basile au siris wrote:> hi > i try to enable ssl with redhat documentation i use certutil to > generate certificate > i store in /opt/fedora-ds/slapd_myserver/alias > but when in the console i check enable ssl and use cipher family rsa > i don t see my certificate > i use wiki fedora and do what they say but with same result > i have attribute nscertfile and nscertfile in cn=encryption,cn=config > with > path to slapd-myserver-cert8.db and slapd-myserver-key3.db > what do i forget to do ? > thanks > basile > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users
basile au siris wrote:> hi > i try to enable ssl with redhat documentation i use certutil to > generate certificate > i store in /opt/fedora-ds/slapd_myserver/alias > but when in the console i check enable ssl and use cipher family rsa > i don t see my certificate > i use wiki fedora and do what they say but with same result > i have attribute nscertfile and nscertfile in cn=encryption,cn=config > with > path to slapd-myserver-cert8.db and slapd-myserver-key3.db > what do i forget to do ?/opt/fedora-ds/alias should have two files for your server - slapd-myserver-key3.db and slapd-myserver-cert8.db. When you use certutil or it''s related tools, there are two command line arguments which are really key - -P and -d. The argument for -P should be "slapd-myserver-". Notice the "-" at the end. If you do not specify this "-" at the end, you will not get your desired results. The argument for -d should always be /opt/fedora-ds/alias - this directory is (for historical reasons) the directory in to which all of the crypto files go.> thanks > basile > > -- > Fedora-directory-users mailing list > Fedora-directory-users@redhat.com > https://www.redhat.com/mailman/listinfo/fedora-directory-users