Prashanth Sundaram
2009-Aug-12 21:10 UTC
Re: [389-users] Command line to request certificate
Rich,

The script that you directed me to, it installs the CA cert in the server cert tab when I check in console. I tried manually adding it but it would still end up along with Directory server-cert. Also the admin server-cert shows up here as well.

How do I troubleshoot that? The certs are fine in Admin server, but not in Directory instance.

http://directory.fedoraproject.org/wiki/Howto:SSL#Script

Another question: Since I am going to have two ldap servers and VIPs, can I just specify the DNS host names with the certificate like add certutil -S.... -8 ldap.foo1.com.ldap.foo2.com within the script, saving extra work?

Thanks for your help!!

Prashanth Sundaram wrote:
> Rich,
>
> The script that you directed me to, it installs the CA cert in the
> server cert tab when I check in console.

There is a bug in the script - it doesn't add all of the flags to the CA cert to make it show up as a CA cert in the console. But it really is a CA cert and you can use it as a CA cert.

> I tried manually adding it but it would still end up along with
> Directory server-cert.

That's annoying, but it should still work for TLS/SSL just fine.

> Also the admin server-cert shows up here as well.

Right. The script generates the admin server cert in the directory server cert database, then exports it for use in the admin server cert database.

> How do I troubleshoot that? The certs are fine in Admin server, but
> not in Directory instance.
>
> http://directory.fedoraproject.org/wiki/Howto:SSL#Script
>
> Another question: Since I am going to have two ldap servers and VIPs,
> can I just specify the DNS host names with the certificate like add
> certutil -S.... -8 ldap.foo1.com.ldap.foo2.com within the script,
> saving extra work?

Sure - feel free to hack the script as you need to.

> Thanks for your help!!
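
An added example, not part of the original thread or the wiki script: a command-line check of the trust flags discussed above, independent of which tab the console uses. It reads a `certutil -L` listing and reports which entries carry CA trust and which are key pairs held in the same database; the nicknames and the listing are constructed sample data, and the database path in the comment is an assumption.

```shell
#!/bin/sh
# Added example. Trust flags in the first (SSL) field of `certutil -L` output:
#   C = trusted CA for issuing server certificates
#   T = trusted CA for issuing client certificates
#   u = user certificate: its private key is in this database

classify_trust() {
    awk '
    NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
        flags = $NF
        nick = $0
        sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # strip the flags column
        sub(/^[ \t]+/, "", nick)               # strip leading indent
        split(flags, field, ",")
        ssl = field[1]
        if (ssl ~ /C/)      role = "trusted-ca"
        else if (ssl ~ /T/) role = "client-ca-only"
        else if (ssl ~ /u/) role = "key-pair"
        else                role = "other"
        printf "%s\t%s\t%s\n", nick, flags, role
    }'
}

# Constructed listing in the layout certutil -L prints (not real output).
sample_listing() {
    cat <<'EOF'

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

Example CA                                                   CTu,u,u
example-ds-server-cert                                       u,u,u
example-admin-server-cert                                    u,u,u
Imported Example CA                                          ,,
EOF
}

# Real use (database path is an assumption):
#   certutil -L -d /path/to/certdb | classify_trust
sample_listing | classify_trust
```

An entry reported as `other` that is meant to be a CA has no SSL trust set in that database, whatever the console displays.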