Hello,
I am trying to follow this procedure:
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/...
Everything works fine, except that I don't understand this line correctly:
"Import the CA certificate from Directory Server into Active Directory. Click *Trusted Root CA*, then *Import*, and browse for the Directory Server CA certificate."
For me, a CA certificate is a certificate from the Authority, so in my Active Directory the certificate from the authority is already known in the Trusted Root CA.
So, do I need to import the 389DS server certificate into my Active Directory?
And finally, there is no indication of how to do that. Can someone help me get through this?
Thanks in advance.
Best regards, Alex
If you have a different CA in AD vs DS, then you need to do this import.
AD by default doesn't use LDAPS or STARTSSL, so you need to install the MS cert CA stuff.
Greg.
-- 389 users mailing list 389-users@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users
I'm really impressed by the reactivity of this list!!!
Sorry, my understanding is not perfect because I'm French. So, I don't have any CA in my DS; I have one CA (installed on my domain controller).
Do I need to install a CA in my DS? (When I write CA, for me it means an Authority.)
Alex
I had misunderstood you in this case. No, you don't need to create a second CA. But you must generate the cert for DS on the AD CA. Then you need to import this cert with the AD CA cert on DS.
Greg.
On 03/27/2013 08:46 AM, Grzegorz Dwornicki wrote:
> I had misunderstood you in this case. No, you don't need to create a second CA. But you must generate the cert for DS on the AD CA. Then you need to import this cert with the AD CA cert on DS.
You don't have to use AD CA to generate the 389DS server cert. You can, and it may be the best way to do it.
Thanks for the new link!
@Rich Megginson "It's not the 389DS server certificate, but the CA certificate for the CA that issued the 389DS server certificate, that you need for PassSync"
@Grzegorz Dwornicki "But you must generate cert for DS on AD CA. Then you need to import this cert with AD CA cert on DS"
Sorry, I don't understand "CA certificate for the CA that issued the 389DS server certificate". Do I have to export this one below to the AD? (It's empty on this capture, but with the CA certificate on my directory server):
@Grzegorz Dwornicki --> Do you have a procedure to do that? I can't find one in the Red Hat documentation. (When you said AD CA, do you consider that AD CA = Authority installed on my AD?)
Many thanks for your answers, and for your patience with my translation problems.
Best regards, Alex
Sorry, my capture is not in the mail. It's point 12.2.1. 4.c: "Go to the *CA Certs* tab, and click *Install* at the bottom of the window." On this link: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/...
Thanks
Yes, and that button allows you to install the server cert (again, generated in your case on the AD CA). The CA tab allows you to install the CA cert.
Greg.
Yes, I understand that.
To summarize, I have a server cert and a CA cert in my 389DS. I have a CA cert in my Active Directory.
So I need the server cert in my AD!?
I don't really understand "But you must generate cert for DS on AD CA". If I made a request by web enrollment from my 389DS and installed it on my 389DS, is it good like that?
Thanks a lot! Alex
On 03/27/2013 09:53 AM, alexandre wrote:
> Yes, I understand that.
> To summarize, I have a server cert and a CA cert in my 389DS. I have a CA cert in my Active Directory.
> So I need the server cert in my AD!?
No. AD only needs the CA cert of the CA that issued the 389DS server cert.
> I don't really understand "But you must generate cert for DS on AD CA". If I made a request by web enrollment from my 389DS and installed it on my 389DS, is it good like that?
Yes. But PassSync doesn't use the Windows/AD Trusted Cert store, so you still have to export that CA cert and install it using certutil, as described in the documentation for setting up PassSync.
On 03/27/2013 08:07 AM, alexandre wrote:
> Hello,
> I am trying to follow this procedure:
> https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/8.2/...
> Everything works fine, except that I don't understand this line correctly:
> "Import the CA certificate from Directory Server into Active Directory. Click *Trusted Root CA*, then *Import*, and browse for the Directory Server CA certificate."
This step isn't really necessary. It isn't AD that talks directly to 389, it's the PassSync AD "plugin".
These directions are better: https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Directory_Server/9.0/...
> For me, a CA certificate is a certificate from the Authority, so in my Active Directory the certificate from the authority is already known in the Trusted Root CA.
> So, do I need to import the 389DS server certificate into my Active Directory?
1) No
2) It's not the 389DS server certificate, but the CA certificate for the CA that issued the 389DS server certificate, that you need for PassSync
389-users@lists.fedoraproject.org
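The distinction the replies above keep returning to (a TLS peer needs the CA certificate of the CA that issued the 389DS server certificate, not the server certificate itself), as an added example that is not part of the original thread. It uses the `openssl` command line rather than PassSync or NSS `certutil`; the CA names, the host name `ds.example.test` and the helper functions are all constructed for illustration.

```shell
#!/bin/sh
# Added example: every name, key and certificate below is constructed and throwaway.
workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Minimal OpenSSL config so the run does not depend on the system openssl.cnf.
cat > "$workdir/openssl.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF

# make_ca <name> <CN>: create a self-signed CA certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -config "$workdir/openssl.cnf" -subj "/CN=$2" \
        -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

# issue_server_cert <ca name> <server name> <CN>: make a CSR and have the CA sign it.
issue_server_cert() {
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$workdir/openssl.cnf" -subj "/CN=$3" \
        -keyout "$workdir/$2.key" -out "$workdir/$2.csr" 2>/dev/null &&
    openssl x509 -req -in "$workdir/$2.csr" -days 30 \
        -CA "$workdir/$1.pem" -CAkey "$workdir/$1.key" -CAcreateserial \
        -out "$workdir/$2.pem" 2>/dev/null
}

# issuer_of / subject_of <name>: print the DN without the "issuer=" / "subject=" label.
issuer_of() {
    out=$(openssl x509 -in "$workdir/$1.pem" -noout -issuer -nameopt RFC2253)
    echo "${out#*=}"
}
subject_of() {
    out=$(openssl x509 -in "$workdir/$1.pem" -noout -subject -nameopt RFC2253)
    echo "${out#*=}"
}

# validates <ca name> <server name>: "trusted" if the server cert chains to that CA cert.
validates() {
    if openssl verify -CAfile "$workdir/$1.pem" "$workdir/$2.pem" >/dev/null 2>&1
    then echo trusted
    else echo untrusted
    fi
}

make_ca ad-ca "Example AD CA"                         # stands in for the CA on the domain controller
make_ca other-ca "Unrelated CA"                       # a CA that did not issue the server cert
issue_server_cert ad-ca ds "ds.example.test"          # stands in for the 389DS server cert
issue_server_cert ad-ca ds-renewed "ds.example.test"  # a later renewal with a new key

# The CA cert to export is the one whose subject equals the server cert's issuer.
echo "server cert issuer        : $(issuer_of ds)"
echo "AD CA subject             : $(subject_of ad-ca)"
echo "peer holds issuing CA cert : $(validates ad-ca ds)"
echo "peer holds unrelated CA    : $(validates other-ca ds)"
echo "same CA cert, renewed cert : $(validates ad-ca ds-renewed)"
```

The last line shows why the CA certificate is the thing to distribute: the peer's trust store does not change when the server certificate is renewed.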