Yes I understand that.

To resume, I have a server-cert and a CA cert in my 389DS. I have a CA cert in my active directory.

So I need server cert in my AD !?

I don't really understand "But you must generate cert for DS on AD CA", if I did a request by web-enrollment from my 389DS, and install it on my 389DS, it's good like that ?

Thanks a lot !
Alex


2013/3/27 Grzegorz Dwornicki <gd1100@gmail.com>

Yes and that button allows you to install server cert (again generated in your case on AD CA) . CA tab allows you to install CA cert.

Greg.

27 mar 2013 16:33, "alexandre" <axel0felix@gmail.com> napisał(a):

Sorry my capture is not on the mail, it's the point 12.2.1.     4.c.Go to the CA Certs tab, and click Install at the bottom of the window.
On this link: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/html/Administration_Guide/Windows_Sync-Configuring_Windows_Sync.html

Thanks


2013/3/27 alexandre <axel0felix@gmail.com>
Thanks for the new Link !

@Rich Megginson    "It's not the 389DS server certificate, but the CA certificate for the CA that issued the 389DS server certificate, that you need for PassSync" 
 
@Grzegorz Dwornicki  "But you must generate cert for DS on AD CA. Then you need to import this cert with AD CA cert on DS"

Sorry I don't understand "CA certificate for the CA that issued the 389DS server certificate", I have to export this one below to the AD? (it's empty on this capture, but with CA certificate on my directory server):



@Grzegorz Dwornicki --> do you have a procedure to do that ? I don't find in redhat documentation. (when you said AD CA, do you consider that AD CA = Authority installed on my AD ?)

Many thanks, for your answers. And your patience about my translation problems.

Best regards,
Alex




2013/3/27 Grzegorz Dwornicki <gd1100@gmail.com>

I had missunderstood you im this case. No you don't need to create second CA. But you must generate cert for DS on AD CA. Then you need to import this cert with AD CA cert on DS

Greg.

27 mar 2013 15:41, "alexandre" <axel0felix@gmail.com> napisał(a):

I'm really impressed by the reactivity of this list !!!

Sorry my understanding is not perfect because i'm french, so I don't have any CA in my DS, I have one CA (installed on my domain controller).

Do I need to install a CA in my DS ? (when I write CA for me it means a Authority).


Alex


2013/3/27 Grzegorz Dwornicki <gd1100@gmail.com>

If you have diferent CA in AD vs DS then you need to do this import.

AD by default don't use LDAPS or STARTSSL soo you need to install ms cert CA stuff.

Greg.

27 mar 2013 15:07, "alexandre" <axel0felix@gmail.com> napisał(a):
Everything works fine, except I don't understand right this line:

"Import the CA certificate from Directory Server into Active Directory. Click Trusted Root CA, then Import, and browse for the Directory Server CA certificate."

For me CA certificate, it's a certificate from the Authority, so in my Active Directory the certificate from the authority is already know in the Trusted Root CA.

So, do I need to import 389DS server certificate in my active directory ?

And finally, there is no indication to do that, someone can help me to pass through ?

Thanks in advance.

Best regards,
Alex

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users



--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users