Yes and that button allows you to install server cert (again generated in
your case on AD CA) . CA tab allows you to install CA cert.
Greg.
27 mar 2013 16:33, "alexandre" <axel0felix(a)gmail.com> napisał(a):
Sorry my capture is not on the mail, it's the point 12.2.1.
4.c.Go to
the *CA Certs* tab, and click *Install* at the bottom of the window.
On this link:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9...
Thanks
2013/3/27 alexandre <axel0felix(a)gmail.com>
> Thanks for the new Link !
>
> @Rich Megginson "It's not the 389DS server certificate, but the CA
> certificate for the CA that issued the 389DS server certificate, that you
> need for PassSync"
>
> @Grzegorz Dwornicki "But you must generate cert for DS on AD CA. Then
> you need to import this cert with AD CA cert on DS"
>
> Sorry I don't understand "CA certificate for the CA that issued the 389DS
> server certificate", I have to export this one below to the AD? (it's empty
> on this capture, but with CA certificate on my directory server):
>
>
>
> @Grzegorz Dwornicki --> do you have a procedure to do that ? I don't
> find in redhat documentation. (when you said AD CA, do you consider that
> AD CA = Authority installed on my AD ?)
>
> Many thanks, for your answers. And your patience about my translation
> problems.
>
> Best regards,
> Alex
>
>
>
>
> 2013/3/27 Grzegorz Dwornicki <gd1100(a)gmail.com>
>
>> I had missunderstood you im this case. No you don't need to create
>> second CA. But you must generate cert for DS on AD CA. Then you need to
>> import this cert with AD CA cert on DS
>>
>> Greg.
>> 27 mar 2013 15:41, "alexandre" <axel0felix(a)gmail.com>
napisał(a):
>>
>> I'm really impressed by the reactivity of this list !!!
>>>
>>> Sorry my understanding is not perfect because i'm french, so I don't
>>> have any CA in my DS, I have one CA (installed on my domain controller).
>>>
>>> Do I need to install a CA in my DS ? (when I write CA for me it means a
>>> Authority).
>>>
>>>
>>> Alex
>>>
>>>
>>> 2013/3/27 Grzegorz Dwornicki <gd1100(a)gmail.com>
>>>
>>>> If you have diferent CA in AD vs DS then you need to do this import.
>>>>
>>>> AD by default don't use LDAPS or STARTSSL soo you need to install ms
>>>> cert CA stuff.
>>>>
>>>> Greg.
>>>> 27 mar 2013 15:07, "alexandre" <axel0felix(a)gmail.com>
napisał(a):
>>>>
>>>>> Hello,
>>>>>
>>>>> I try to follow this procedure :
>>>>>
>>>>>
>>>>>
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8...
>>>>>
>>>>> Everything works fine, except I don't understand right this
line:
>>>>>
>>>>> "Import the CA certificate from Directory Server into Active
>>>>> Directory. Click *Trusted Root CA*, then *Import*, and browse for
>>>>> the Directory Server CA certificate."
>>>>>
>>>>> For me CA certificate, it's a certificate from the Authority, so
in
>>>>> my Active Directory the certificate from the authority is already
know in
>>>>> the Trusted Root CA.
>>>>>
>>>>> So, do I need to import 389DS server certificate in my active
>>>>> directory ?
>>>>>
>>>>> And finally, there is no indication to do that, someone can help me
>>>>> to pass through ?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> Best regards,
>>>>> Alex
>>>>>
>>>>> --
>>>>> 389 users mailing list
>>>>> 389-users(a)lists.fedoraproject.org
>>>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>>
>>>>
>>>> --
>>>> 389 users mailing list
>>>> 389-users(a)lists.fedoraproject.org
>>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>>
>>>
>>>
>>> --
>>> 389 users mailing list
>>> 389-users(a)lists.fedoraproject.org
>>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>>
>>
>> --
>> 389 users mailing list
>> 389-users(a)lists.fedoraproject.org
>>
https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>
>
--
389 users mailing list
389-users(a)lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users