[Fedora-directory-users] Generating and installing certificates for Fedora-ds 1.1.0 usig Openssl base CA

Wednesday, 6 February 2008

We have a CA using our corporate certificate which we want to sign our 
certificates for the fedora-ds and clients.

I am trying to work out how to do this. The setupssl2 script works fine 
in generating and installing a self-signed certifictae on the server(s) 
but we now want to generate and sign using our CA.

Does anybody have a set of instructions that would cover this case?

In particular I would like to understand when the use of certutil is 
mandatory and when it can be replaced with one or more openssl commands.

Eventually I would like to be able to configure the server using the 
setup-ds-admin script with a certificate already pre-generated by 
openssl quoted as the CACertificate parameter.

One complication to all of this is that we need to assign a number of 
SubjectAltNames to the certificates so that a server may have multiple 
identities!

Regards, Howard

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005