On 24 Dec 2012, at 12:52 PM, Vlad vovan@vovan.nl wrote:
I don't see the problem. Simply install DS without SSL and then:
- use ldapmodify to import SSL settings (see the example below)
- use pk12util tiu import certificate
- use certutil to change trusts
All the things above could be done completely unattended…
The problem is that the above shouldn't be necessary, because setup-ds.pl has the INF file and ConfigFile options to provide the config in one go. This ConfigFile mechanism is rendered useless, because there is no ability to configure the certificate database in advance.
Regards, Graham --