Hi together,
I have successfully set up my directory server. For a disaster-tolerant topology I want to load balance the two servers over an F5 LTM load balancer. My problem is that I have tried to export the certificate (I have a self-generated one) without a result. The load balancer could only read certificates in PEM format. So, if any of you knows what type of certificate the DS uses, let me know about it ;-)
The certificate was generated with the gencert.sh script which is available under
http://github.com/richm/scripts/tree/master%2Fsetupssl.sh?raw=true
I don't know very much about the SSL stuff, so I am not sure if I have tried the right tools/commands.
Which one is the certificate, the slapd-yourhost-cert8.db, or is it only stored in there?
Thank you in advance!
Cheers
phru
Hi all,
Rusch Philipp pru09 wrote:
> Hi together,
> I have successfully set up my directory server. For a disaster-tolerant topology I want to load balance the two servers over an F5 LTM load balancer. My problem is that I have tried to export the certificate (I have a self-generated one) without a result. The load balancer could only read certificates in PEM format. So, if any of you knows what type of certificate the DS uses, let me know about it ;-)
> The certificate was generated with the gencert.sh script which is available under
> http://github.com/richm/scripts/tree/master%2Fsetupssl.sh?raw=true
> I don't know very much about the SSL stuff, so I am not sure if I have tried the right tools/commands.
> Which one is the certificate, the slapd-yourhost-cert8.db, or is it only stored in there?
> Thank you in advance!
> Cheers
> phru
I had the same issue exporting my certificate in pkcs12 format to import it to the radius part of my authentication server.
Indeed, there are two certificates in the pkcs12 file for chaining with root certificate, you must specify to write options to extract only the good one (or edit the pem on your own to cut off the bad one).
# certutil -d . -L
# pk12util -d . -o ldap-server.pk12 -n "certificate name"
# pk12util -d /etc/dirsrv/slapd-server/ -i ldap-server.pk12 -n "certificate name"
# openssl pkcs12
    -clcerts : no client certificate
    -cacerts : no CA certificate
I think the option -cacerts will fix your issue as it fixed mine.
In fact, it's a bug with poor implementations of pem file reading (like freeradius does).
Hope it would help.
Regards.
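
The export path discussed in the reply above, as an added example that is not part of the thread: `nss_to_pem` runs the `pk12util` and `openssl pkcs12` steps, and `pem_cert_n` cuts a single certificate block out of the resulting bundle. Function names, paths and the sample bundle are assumptions made for illustration; in `openssl pkcs12`, `-clcerts` outputs only client certificates and `-cacerts` only CA certificates.

```shell
#!/bin/sh
# Added example; function names, paths and nickname are placeholders.

# Export cert+key for one nickname from an NSS database to PKCS#12 inside a
# private temp dir, then write the certificates (no private key) as PEM.
# Usage: nss_to_pem /etc/dirsrv/slapd-server "certificate name" bundle.pem
nss_to_pem() {
    tmp=$(mktemp -d) || return 1
    pk12util -d "$1" -o "$tmp/export.p12" -n "$2" &&
        openssl pkcs12 -in "$tmp/export.p12" -nokeys -out "$3"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

# Count the certificate blocks in a PEM bundle.
pem_cert_count() {
    awk '/^-----BEGIN CERTIFICATE-----/ { n++ } END { print n + 0 }' "$1"
}

# Print only the Nth certificate block, dropping the "Bag Attributes",
# subject= and issuer= text that openssl pkcs12 writes between blocks.
pem_cert_n() {
    awk -v want="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; inside = 1 }
        inside && n == want            { print }
        /^-----END CERTIFICATE-----/   { inside = 0 }
    ' "$1"
}

# Constructed sample shaped like `openssl pkcs12 -nokeys` output
# (placeholder base64, not real certificates).
sample_bundle() {
    cat <<'EOF'
Bag Attributes
subject=CN = ldap.example.com
issuer=CN = CAcert
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtTEVBRg==
-----END CERTIFICATE-----
Bag Attributes
subject=CN = CAcert
issuer=CN = CAcert
-----BEGIN CERTIFICATE-----
Q09OU1RSVUNURUQtQ0E=
-----END CERTIFICATE-----
EOF
}
```

Adding `-clcerts` or `-cacerts` to the `openssl pkcs12` call in `nss_to_pem` limits the bundle at export time; `pem_cert_n bundle.pem 1 > server.pem` does the same selection afterwards on a file that already holds the whole chain.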
Rusch Philipp pru09 wrote:
> Hi together,
> I have successfully set up my directory server. For a disaster-tolerant topology I want to load balance the two servers over an F5 LTM load balancer. My problem is that I have tried to export the certificate (I have a self-generated one) without a result. The load balancer could only read certificates in PEM format. So, if any of you knows what type of certificate the DS uses, let me know about it ;-)
> The certificate was generated with the gencert.sh script which is available under
> http://github.com/richm/scripts/tree/master%2Fsetupssl.sh?raw=true
> I don't know very much about the SSL stuff, so I am not sure if I have tried the right tools/commands.
> Which one is the certificate, the slapd-yourhost-cert8.db, or is it only stored in there?

What version of Fedora DS are you using? Do you need both the cert and the key, or just the cert?

> Thank you in advance!
> Cheers
> phru
--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users