Re: [Fedora-directory-users] Importing private key into certificate store
Or since you have 2 PEM files, you can use openssl to convert it into
PKCS#12 file:
% openssl pkcs12 -export -in cert.pem -inkey key.pem -out cert.p12 -name
\"Server-Cert\" -passout pass:foo
You can then import that into your database with something like:
% pk12util -i cert.p12 -d <server-root>/alias -P slapd-YOURHOST- -W foo
Replace <server-root> with the path to your DS install, probably
/opt/fedora-ds. Check the alias directory to see what the value of
YOURHOST should be. Note that the trailing dash is important.
rob
Rich Megginson wrote:
You need to get your CA to export your key/cert data in pkcs12 (.p12)
format, then use the FDS pk12util to import both the key and cert.
Kevin M. Myer wrote:
> Hello,
>
> I would like to use an external application to handle my certificate
> request
> (I'm using self-signed certificates - essentially my CA application would
> generate the request and then sign it, instead of using any of the FDS
> components to generate the request). This process works fine, except
> that
> there doesn't appear to be an easy way to get the private key for the
> certificate into the certificate store. Obviously, if you use the
> certificate
> wizard or certutil to generate the request, the key ends up in the
> store. But
> if you don't, is there a way to import a key, so that importing a
> certificate
> will work? Currently it balks about importing a signed certificate
> because the
> private key is missing. I tried combining key and certificate into
> one file
> (PEM format) but that didn't help.
>
> Kevin
>
>
>
------------------------------------------------------------------------
--
Fedora-directory-users mailing list
Fedora-directory-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachments:
- smime.p7s (application/x-pkcs7-signature — 3.1 KB)