Well back in centos/redhat/fedora directory server this could be done like this: <br><br>First you should check what certificates names you have in certutil database. In slapd directory type:<br><br>certutil -d . -L<br><br>
this should show you all certificates in database (server certificates aswell). Usualy CA certs are named soo you could recognize them.<br><br>Now you need to chose the CA certificate from the list and use it in this command:<br>
<br>certutil -d . -L -n "THE_NAME_OF_YOU_CA_CERT_HERE" -a > /root/ds-ca.crt<br><br>I did not use much 389 but i think this should work on 389 as well as on el5 distros where I've tested this way of exporting certs.<br>
<br>Rest of atricle should be clear now. Remember to enable ssl/tls or starttls on 389.<br><br>Good luck<br>Grzegorz<br><br><div class="gmail_quote">2012/7/27 fosiul alam <span dir="ltr"><<a href="mailto:expertalert@gmail.com" target="_blank">expertalert@gmail.com</a>></span><br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">HI i have installed ssl certificate from bellow script<br><a href="https://github.com/richm/scripts/blob/master/setupssl2.sh" target="_blank">https://github.com/richm/scripts/blob/master/setupssl2.sh</a><br>
<br>it went fine. <br>but I dont understand, how will i create Certificate file for the clients.<br>
<br>according to documentation :<a href="http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients" target="_blank">http://directory.fedoraproject.org/wiki/Howto:SSL#Configure_LDAP_clients</a><br>i need to expoert CA cert from ASCII which is <br>
cacert.asc , but dont understand how will i do that<br><br>I have cacert.asc in /etc/dirsrv/slapd-instance directory<br>but dont know how to export cert file into client <br><pre style="text-indent:0px;letter-spacing:normal;font-variant:normal;text-align:-webkit-auto;font-style:normal;background-color:rgb(249,249,249);font-weight:normal;padding:1em;line-height:1.1em;text-transform:none;border:1px dashed rgb(47,111,171);word-spacing:0px">
/etc/openldap/cacerts/</pre>I am trying this from last couple of day.<br>can any one please help me .<br>
<br>--<br>
389 users mailing list<br>
<a href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a><br>
<a href="https://admin.fedoraproject.org/mailman/listinfo/389-users" target="_blank">https://admin.fedoraproject.org/mailman/listinfo/389-users</a><br></blockquote></div><br>