Fedora directory users - Apr 2008 - certutil

Step 5 in section "Using certutil" of the?The Directory Server
Administrator''s Guide 7.1, Chapter 11, generates?"the encryption
key" using the -G option. According to the certutil documentation, this
generates a public/private key pair.?
What is this key pair used for? It doesn''t seem?to be the key used for
the self-signed ceritficate or the server certificate, as the -S switch on
certutil -??judging by the available options for -S? - appears to generate a new
key pair.
?
Thanks,
Gabi

ggistra@aol.com wrote:
>
> Step 5 in section "Using certutil" of the The Directory Server 
> Administrator''s Guide 7.1, Chapter 11, generates "the
encryption key"
> using the -G option. According to the certutil documentation, this 
> generates a public/private key pair.
I think it''s the encryption key for the self signed CA you are
creating.
> /What is this key pair used for?/ It doesn''t seem to be the key
used
> for the self-signed ceritficate or the server certificate, as the -S 
> switch on certutil -  judging by the available options for -S  - 
> appears to generate a new key pair.
>  
> Thanks,
> Gabi
> ------------------------------------------------------------------------
> Get the MapQuest Toolbar 
> <http://www.mapquest.com/toolbar?NCID=mpqmap00030000000003>, Maps, 
> Traffic, Directions & More!
> ------------------------------------------------------------------------
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>

I posted a similar question on the NSS newsgroup and asked about usage of
certutil documented in the RH DS Admin Guide.
The response I got is that step 5 in section "using certutil" is a
no-op.

For detail, please see
http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/ae13056d51d189ac

- David


On Tue, Apr 8, 2008 at 3:50 PM, Rich Megginson <rmeggins@redhat.com>
wrote:
> ggistra@aol.com wrote:
>
> >
> > Step 5 in section "Using certutil" of the The Directory
Server
> > Administrator''s Guide 7.1, Chapter 11, generates "the
encryption key" using
> > the -G option. According to the certutil documentation, this generates
a
> > public/private key pair.
> >
> I think it''s the encryption key for the self signed CA you are
creating.
>
> > /What is this key pair used for?/ It doesn''t seem to be the
key used for
> > the self-signed ceritficate or the server certificate, as the -S
switch on
> > certutil -  judging by the available options for -S  - appears to
generate a
> > new key pair.
> >  Thanks,
> > Gabi
> >
------------------------------------------------------------------------
> > Get the MapQuest Toolbar <
> > http://www.mapquest.com/toolbar?NCID=mpqmap00030000000003>, Maps,
> > Traffic, Directions & More!
> >
------------------------------------------------------------------------
> >
> > --
> > Fedora-directory-users mailing list
> > Fedora-directory-users@redhat.com
> > https://www.redhat.com/mailman/listinfo/fedora-directory-users
> >
> >
>
>
> --
> Fedora-directory-users mailing list
> Fedora-directory-users@redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-directory-users
>
>