Michał Droździewicz
2007-Jan-24 14:03 UTC
[Fedora-directory-users] SSL Certs without password
Hello, I know how to generate certs with passwords, but this results in password prompt at server startup and reboot. Is there a way to generate SSL certificate without password? -- xmpp/email: koniczynek@uaznia.net xmpp/email: koniczynek@gmail.com
Richard Megginson
2007-Jan-24 14:03 UTC
Re: [Fedora-directory-users] SSL Certs without password
Rob Crittenden
2007-Jan-24 14:17 UTC
Re: [Fedora-directory-users] SSL Certs without password
Richard Megginson wrote:> Michał Droździewicz wrote: >> Hello, >> I know how to generate certs with passwords, but this results in >> password prompt at server startup and reboot. Is there a way to >> generate SSL certificate without password? > NSS always requires a password in order to unlock your server key. See > the shell script at > http://directory.fedora.redhat.com/wiki/Howto:SSL#Script for an example > of how to create a password file.Actually, a password isn''t required by NSS. To change an existing database to a NULL password use the modutil command. Its syntax is slightly different from the other NSS utilities but it has a decent help output if you don''t get it quite right. To change an existing database to be a blank password: % modutil -dbdir /opt/fedora-ds/alias -dbprefix slapd-foo- -changepw "NSS Certificate DB" Enter the old password then press Enter twice for the new password to blank it out. To generate a new database with a blank password with certutil do something like: % certutil -N -d /opt/fedora-ds/alias -P slapd-foo- Press Enter twice. rob
Michał Droździewicz
2007-Jan-24 14:56 UTC
Re: [Fedora-directory-users] SSL Certs without password
Rob Crittenden napisał(a):> % modutil -dbdir /opt/fedora-ds/alias -dbprefix slapd-foo- -changepw > "NSS Certificate DB" > > Enter the old password then press Enter twice for the new password to > blank it out.This is what I need and it works perfectly, thanks :) -- xmpp/email: koniczynek@uaznia.net xmpp/email: koniczynek@gmail.com